O'Reilly logo

Hacking VoIP by Himanshu Dwivedi

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

IAX Security Attacks

Now that we know the basics of the IAX protocol and its use in authentication, let's discuss some of the many security attacks. In this section, we will discuss the following VoIP attacks on devices using IAX for session setup and media communication:

  • Username enumeration

  • Offline dictionary attack (IAX.Brute)

  • Active dictionary attack

  • Man-in-the-middle attack

  • MD5-to-plaintext downgrade attack (IAXAuthJack)

  • Denial of Service attacks

    • Registration Reject

    • Call Reject

    • HangUP

    • Hold/Quelch (IAXHangup)

Username Enumeration

IAX usernames can be enumerated, in a manner similar to the process described in Chapter 3 for the H.323 protocol. Username enumeration of valid IAX users can be completed using the enumIAX tool written by Dustin D. Trammel. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required