IAX Security Attacks

Now that we know the basics of the IAX protocol and its use in authentication, let's discuss some of the many security attacks. In this section, we will discuss the following VoIP attacks on devices using IAX for session setup and media communication:

  • Username enumeration

  • Offline dictionary attack (IAX.Brute)

  • Active dictionary attack

  • Man-in-the-middle attack

  • MD5-to-plaintext downgrade attack (IAXAuthJack)

  • Denial of Service attacks

    • Registration Reject

    • Call Reject

    • HangUP

    • Hold/Quelch (IAXHangup)

Username Enumeration

IAX usernames can be enumerated, in a manner similar to the process described in Chapter 3 for the H.323 protocol. Username enumeration of valid IAX users can be completed using the enumIAX tool written by Dustin D. Trammel. ...

Get Hacking VoIP now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.