
You are not paranoid!

They are really out to get you!




Nir Simionovich, CEO
Greenfield Technologies Ltd
@NirSimionovich
Developer
http://www.github.com/greenfieldtech-nirs
Author
AsteriskNOW
Asterisk AGI Programming
Blogger
http://www.simionovich.com
Father
I have 2 amazing daughters
Security Researcher and Hacker
Facts
Let's get a few facts straightened out

The Simwood Honeypot network
About 18 months ago, a study conducted by Simwood produced
interesting results.
The study involved deploying multiple honeypots across their network.
Each honeypot reports the SIP attacks it receives back to a central database.
The results can be viewed in raw form at
http://mirror.simwood.com/honeypot/

clientip         method  user_agent       dialled           latest              earliest            count  dialled (normalised)
5.200.14.140     INVITE  VaxSIPUserAgent  258258            1399859382.323963   1399779834.556501   2398   258258
37.8.14.2        INVITE  eyeBeam          00972592871997    1409435023.422622   1409434894.821695   1005   972592871997
77.245.75.218    INVITE  eyeBeam          00972598610074    1396816479.544600   1396816450.489367    934   972598610074
188.161.14.248   INVITE  VaxSIPUserAgent  1011              1386184504.965029   1386184424.547129    892   1011
77.245.75.218    INVITE  eyeBeam          900972548747167   1396816480.853917   1396816454.514624    767   972548747167
175.107.181.25   INVITE  VaxSIPUserAgent  400500600         1399816064.980052   1399816019.412260    758   400500600
81.94.205.122    INVITE  sipcli           00972595108539    1399241123.925033   1398554479.122285    707   972595108539
81.94.205.122    INVITE  sipcli           000972595108539   1399241711.560072   1398555296.067902    704   972595108539
195.154.181.28   INVITE  sipcli           00972595108539    1401635235.106407   1400793716.214106    638   972595108539
62.210.167.126   INVITE  sipcli           00972598779187    1402441694.752727   1401841159.568917    637   972598779187
195.154.181.28   INVITE  sipcli           000972595108539   1401633678.219079   1400794204.202833    624   972595108539
107.150.52.234   INVITE  sipcli           00972592167944    1408455732.586712   1408038629.117835    593   972592167944
107.150.52.234   INVITE  sipcli           000972592167944   1408456180.716562   1408039016.331728    583   972592167944
195.154.181.28   INVITE  sipcli           00972592590896    1402920378.657869   1400604522.779263    583   972592590896
195.154.181.28   INVITE  sipcli           000972592590896   1402921502.136256   1400604946.152949    576   972592590896
195.154.181.176  INVITE  sipcli           00972592167944    1403632675.452118   1402422064.930485    543   972592167944
Data from 23/09/2014, Top 15 Records. latest/earliest are Unix timestamps; the last column is the dialled string with its international-dial and trunk prefix (00, 000, 900) stripped.
Can anyone tell me what country code 972 is? (It is Israel.)
Can anyone tell me what +97259 means? (A mobile number range under that country code.)
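The honeypot table above only makes sense once the dialled strings are normalised: "00972…", "000972…" and "900972…" are the same target dialled through different prefixes. The script below is an added example, not part of the original slides or of Simwood's honeypot tooling. It parses records in the seven-column shape shown above (the sample rows are constructed from that table), strips the prefixes, aggregates INVITEs by real target, and flags sources that rotate prefixes against one number, which is the fingerprint of a scanner hunting for whichever prefix a dialplan will let out. The prefix lists are an assumption about what toll-fraud scanners try.

```python
"""Aggregate SIP honeypot INVITE records by the number the attacker really
wants to reach.

Added example; it is not part of the original slides or of Simwood's
honeypot tooling.  The seven whitespace-separated columns mirror the table
above (latest/earliest are Unix timestamps); the sample rows are constructed
from that table.  The prefix lists are an assumption about what a toll-fraud
scanner rotates through to find a dialplan that lets the call out.
"""
from collections import defaultdict

# Constructed sample: rows copied from the honeypot table above
SAMPLE = """\
5.200.14.140 INVITE VaxSIPUserAgent 258258 1399859382.323963 1399779834.556501 2398
37.8.14.2 INVITE eyeBeam 00972592871997 1409435023.422622 1409434894.821695 1005
77.245.75.218 INVITE eyeBeam 900972548747167 1396816480.853917 1396816454.514624 767
175.107.181.25 INVITE VaxSIPUserAgent 400500600 1399816064.980052 1399816019.412260 758
81.94.205.122 INVITE sipcli 00972595108539 1399241123.925033 1398554479.122285 707
81.94.205.122 INVITE sipcli 000972595108539 1399241711.560072 1398555296.067902 704
195.154.181.28 INVITE sipcli 00972595108539 1401635235.106407 1400793716.214106 638
"""

# International-dial prefixes a scanner tries (assumption; longer forms come
# first so "000972..." is not left behind as "0972...")
INTL_PREFIXES = ("+", "000", "00", "011")
# Outside-line digit; only stripped when an international prefix follows it,
# so the leading 9 of a +972 number survives
TRUNK_DIGIT = "9"


def normalise_dialled(dialled):
    """'900972548747167' -> '972548747167'; '400500600' is left unchanged."""
    s = dialled
    while True:
        for p in INTL_PREFIXES:
            if s.startswith(p) and len(s) > len(p):
                s = s[len(p):]
                break
        else:
            rest = s[len(TRUNK_DIGIT):]
            if s.startswith(TRUNK_DIGIT) and rest.startswith(INTL_PREFIXES):
                s = rest
                continue
            return s


def parse_records(text):
    """Parse honeypot rows into dicts, adding the normalised target."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, method, agent, dialled, latest, earliest, count = line.split()
        records.append({"ip": ip, "method": method, "agent": agent,
                        "dialled": dialled, "latest": float(latest),
                        "earliest": float(earliest), "count": int(count),
                        "target": normalise_dialled(dialled)})
    return records


def summarise(records):
    """Per target: INVITE total, source IPs, user agents, raw prefix variants,
    and the first/last time any honeypot saw it."""
    out = defaultdict(lambda: {"attempts": 0, "sources": set(), "agents": set(),
                               "variants": set(), "first_seen": None,
                               "last_seen": None})
    for r in records:
        t = out[r["target"]]
        t["attempts"] += r["count"]
        t["sources"].add(r["ip"])
        t["agents"].add(r["agent"])
        t["variants"].add(r["dialled"])
        t["first_seen"] = (r["earliest"] if t["first_seen"] is None
                           else min(t["first_seen"], r["earliest"]))
        t["last_seen"] = (r["latest"] if t["last_seen"] is None
                          else max(t["last_seen"], r["latest"]))
    return dict(out)


def prefix_probers(records):
    """Sources that hit the same target through more than one raw prefix
    form: a scanner hunting for the prefix a dialplan accepts, not a typo."""
    seen = defaultdict(set)
    for r in records:
        seen[(r["ip"], r["target"])].add(r["dialled"])
    return {k: v for k, v in seen.items() if len(v) > 1}


def country_code_share(summary, code):
    """Fraction of all INVITEs aimed at numbers under one country code."""
    total = sum(t["attempts"] for t in summary.values())
    hit = sum(t["attempts"] for n, t in summary.items() if n.startswith(code))
    return hit / total if total else 0.0


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    summary = summarise(recs)
    for target, t in sorted(summary.items(), key=lambda kv: -kv[1]["attempts"]):
        print(f"{target:<14} {t['attempts']:>5} INVITEs from {len(t['sources'])} IP(s), "
              f"variants {sorted(t['variants'])}")
    for (ip, target), variants in prefix_probers(recs).items():
        print(f"prefix probing: {ip} -> {target} via {sorted(variants)}")
    print(f"share of INVITEs aimed at +972: {country_code_share(summary, '972'):.0%}")
```

Run against the full Simwood dump instead of the constructed sample, the same aggregation tells you which numbers are being farmed and from how many sources; the prefix-prober output is the list of IPs worth blocking before they find the combination your dialplan accepts.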
Vishing (Voice Phishing)
A criminal practice of using social engineering over the telephone system to
gain access to private personal and financial information from the public for
the purpose of financial reward.
Sometimes referred to as 'vishing', the word is a combination of "voice"
and phishing.
Voice phishing exploits the public's trust in landline telephone services,
which have traditionally terminated in physical locations known to the
telephone company, and associated with a bill-payer.
Voice phishing is typically used to steal credit card numbers or other
information used in identity theft schemes from individuals.
http://en.wikipedia.org/wiki/Voice_phishing
Smishing (SMS Phishing)
In computing, SMS phishing is a form of criminal activity using social
engineering techniques.
Phishing is the act of attempting to acquire personal information such as
passwords and credit card details by masquerading as a trustworthy entity
in an electronic communication.
SMS (Short Message Service) is the technology used for text messages on
cell phones.
SMS phishing uses cell phone text messages to deliver the bait to induce
people to divulge their personal information.
The hook (the method used to actually capture people's information) in the
text message may be a website URL, but it has become more common to
see a telephone number that connects to an automated voice response
system.
http://en.wikipedia.org/wiki/SMS_phishing
Phreaking
Phreaking is a slang term coined to describe the activity of a culture of
people who study, experiment with, or explore telecommunication
systems, such as equipment and systems connected to public telephone
networks.
The term phreak is a portmanteau of the words phone and freak, and may
also refer to the use of various audio frequencies to manipulate a phone
system.
Phreak, phreaker, or phone phreak are names used for and by individuals
who participate in phreaking.
http://en.wikipedia.org/wiki/Phreaking
A good attack is combined
Recent investigations we've conducted have indicated the following:

Vishing is used to obtain information about your PBX
Smishing is used to create a falsified trust between the
attacker and the target
Phreaking is used to investigate your PBX
Followed by a targeted attack on your PBX to obtain control
Hackers share information
Shodan Sample Output
<?xml version="1.0" encoding="UTF-8"?>
<shodan>
<summary date="2013-08-06 13:20:52.034972" query="country:IL port:5060 net:213.151.0.0/16" total="1125"/>
<host country="ISR" ip="213.151.35.76" latitude="31.5" longitude="34.75" port="5060" updated="09.04.2011">
<data>HTTP/1.0 200 OK
Connection: close
Rimon: RWC_BLOCK
Content-type: text/html
Refresh: 15
Content-Length: 132
Date: Sat, 09 Apr 2011 19:21:38 GMT
Expire: Fri, 08 Apr 2011 10:01:38
Pragma: no-cache
Cache-Control: no-cache
Server: lighttpd/1.4.19&lt;html&gt;&lt;head&gt;&lt;/head&gt;&lt;body&gt;&lt;center&gt;&lt;b&gt;You are not
recognized in the system !!!&lt;/b&gt;&lt;/center&gt;&lt;!-- Cdata_cleaner_module --&gt;&lt;/body&gt;&lt;/html&gt;
</data>
</host>
</shodan>
Is ShodanHQ a hack engine?
Shodan is not a hack engine
It is merely an Internet of Things scanner
If your IP phone or PBX is open on the net, Shodan will find it
The service is very cheap and easy to operate
Fail2Ban will not protect you
Fail2Ban can assist in protecting against unwanted SIP traffic
It cannot protect you from Vishing attacks
It cannot protect you from a faulty IVR configuration
It cannot protect you from Voicemail fraud
It cannot protect you from Call-Divert fraud
It cannot protect you from internal employee fraud
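To make the Fail2Ban limitation concrete, the following is an added example, not from the original slides or from the Fail2Ban project. Part 1 reimplements what an Asterisk Fail2Ban jail actually does: count authentication failures per remote address in the security log and ban after a threshold inside a time window. Part 2 looks at the call detail records (CDR) instead, where an extension that authenticated correctly and is dialling international numbers at 2 a.m. is plainly visible, and where voicemail, call-divert and internal fraud show up; a login-failure counter never fires on any of that. The log lines and CDR rows are constructed; the log shape follows Asterisk's res_security_log output and the CDR columns are a subset of Asterisk's CSV CDR, both assumptions about the reader's deployment.

```python
"""What Fail2Ban can and cannot see on a PBX.

Added example; it is not from the original slides or from the Fail2Ban
project.  Part 1 reimplements the core of a Fail2Ban jail: count
authentication failures per remote address in Asterisk's security log and
ban after `maxretry` failures inside `findtime` seconds.  Part 2 reads the
call detail records (CDR) instead: an extension that authenticated
correctly and dials international numbers at night is visible there and
nowhere in a login-failure counter.  Log lines and CDR rows are
constructed; the log shape follows Asterisk's res_security_log output and
the CDR columns are a subset of Asterisk's CSV CDR (assumptions).
"""
import csv
import io
import re
from collections import defaultdict, deque
from datetime import datetime

# --- Part 1: the Fail2Ban view --------------------------------------------
# Constructed security-log lines in res_security_log shape (assumption)
SEC = ('[{ts}] SECURITY[2201] res_security_log.c: SecurityEvent="{ev}",'
       'Severity="{sev}",Service="SIP",EventVersion="2",AccountID="{acct}",'
       'LocalAddress="IPV4/UDP/10.0.0.5/5060",RemoteAddress="IPV4/UDP/{ip}/5060"')
SECURITY_LOG = "\n".join([
    SEC.format(ts="2014-09-23 02:10:01", ev="InvalidPassword", sev="Error", acct="1001", ip="5.200.14.140"),
    SEC.format(ts="2014-09-23 02:10:02", ev="InvalidPassword", sev="Error", acct="1002", ip="5.200.14.140"),
    SEC.format(ts="2014-09-23 02:10:03", ev="InvalidPassword", sev="Error", acct="1003", ip="5.200.14.140"),
    SEC.format(ts="2014-09-23 02:10:04", ev="InvalidPassword", sev="Error", acct="1004", ip="5.200.14.140"),
    SEC.format(ts="2014-09-23 02:10:05", ev="InvalidPassword", sev="Error", acct="1005", ip="5.200.14.140"),
    SEC.format(ts="2014-09-23 02:10:09", ev="InvalidAccountID", sev="Error", acct="<unknown>", ip="37.8.14.2"),
    SEC.format(ts="2014-09-23 02:10:11", ev="InvalidAccountID", sev="Error", acct="<unknown>", ip="37.8.14.2"),
    SEC.format(ts="2014-09-23 02:12:40", ev="SuccessfulAuth", sev="Informational", acct="1001", ip="10.0.0.23"),
    "[2014-09-23 02:12:41] NOTICE[2201] chan_sip.c: Peer '1001' is now Reachable. (12ms / 2000ms)",
])

# The event names a Fail2Ban asterisk jail treats as failures
FAIL_EVENTS = {"FailedACL", "InvalidAccountID", "ChallengeResponseFailed", "InvalidPassword"}
SEC_RE = re.compile(
    r'^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] SECURITY\[\d+\] .*?'
    r'SecurityEvent="(?P<event>\w+)".*?'
    r'RemoteAddress="IPV[46]/(?:UDP|TCP|WS)/(?P<host>[0-9a-fA-F:.]+)/\d+"')
EPOCH = datetime(1970, 1, 1)


def _secs(ts):
    """Naive log timestamp to seconds since epoch, independent of local TZ."""
    return (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S") - EPOCH).total_seconds()


def fail2ban_bans(log_text, maxretry=5, findtime=600):
    """Return {ip: ban_time} for sources with >= maxretry auth failures
    inside a sliding findtime-second window, as a Fail2Ban jail would."""
    recent = defaultdict(deque)
    bans = {}
    for line in log_text.splitlines():
        m = SEC_RE.match(line)
        if not m or m.group("event") not in FAIL_EVENTS:
            continue  # successful auth and non-security lines never count
        ip, now = m.group("host"), _secs(m.group("ts"))
        if ip in bans:
            continue
        q = recent[ip]
        q.append(now)
        while now - q[0] > findtime:
            q.popleft()
        if len(q) >= maxretry:
            bans[ip] = now
    return bans


# --- Part 2: the CDR view, where authenticated fraud shows up -------------
# Constructed rows; a subset of Asterisk's CSV CDR columns (assumption)
CDR_CSV = """\
accountcode,src,dst,start,billsec,disposition
,1001,0544123456,2014-09-23 09:12:44,65,ANSWERED
,1002,036123456,2014-09-23 14:05:00,120,ANSWERED
,1001,00972595108539,2014-09-23 02:31:10,1810,ANSWERED
,1001,00972595108539,2014-09-23 02:58:02,1795,ANSWERED
,1001,000972595108539,2014-09-23 03:27:51,1802,ANSWERED
,1003,00442071234567,2014-09-23 11:20:00,240,ANSWERED
"""
INTL_PREFIXES = ("+", "00", "011")  # international-dial prefixes (assumed dialplan)


def toll_fraud_suspects(cdr_text, night=(22, 7), min_calls=2, min_billsec=1200):
    """Extensions with >= min_calls answered international calls placed
    outside business hours or lasting >= min_billsec seconds.  These accounts
    authenticated correctly, so no login-failure counter fires on them."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        if row["disposition"] != "ANSWERED" or not row["dst"].startswith(INTL_PREFIXES):
            continue
        hour = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S").hour
        at_night = hour >= night[0] or hour < night[1]
        if at_night or int(row["billsec"]) >= min_billsec:
            hits[row["src"]].append(row["dst"])
    return {ext: dsts for ext, dsts in hits.items() if len(dsts) >= min_calls}


if __name__ == "__main__":
    print("Fail2Ban would ban:", fail2ban_bans(SECURITY_LOG))
    print("Invisible to Fail2Ban, visible in the CDR:", toll_fraud_suspects(CDR_CSV))
```

The second function is the kind of check that belongs next to Fail2Ban rather than instead of it: the brute-forcer from 5.200.14.140 gets banned, but extension 1001 is never in the security log at all, because whoever is using it has a valid password, whether they obtained it by vishing, by a weak voicemail PIN, or from inside the company.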
What can we do?
Don't be naïve: trusting your firewall alone is just stupid
Don't look for a magic solution
Security is a process, not a tool
Let's establish a few ground rules:
Contact information
(w) http://www.simionovich.com
(w) http://www.phpari.org
(w) http://www.greenfieldtech.net
(e) nir.simionovich at gmail.com
