Transport Attacks

Regardless of the signaling standard of choice, once the communication has been established and the called party answers, the voice signal must be converted into a digitized form and then segmented into a stream of packets (since digitized voice requires a large number of bits, a compression algorithm can be used to reduce the volume of data to be sent). The protocol for the transmission of these voice packets is typically the Realtime Transport Protocol (RTP), based on UDP. RTP packets have special header fields that hold data needed to correctly reassemble the packets into a voice signal on the other end.

Together with RTP comes another UDP-based protocol called Real-time Transport Control Protocol (RTCP), which provides out-of-band control and quality information for an RTP flow. It partners with RTP in the delivery and packaging of multimedia data, but does not transport any data itself.

None of the transport protocols discussed use fixed ports for communication. RTP transmissions are done via an even port, whereas the next higher odd port is reserved for RTCP. Although no standards are assigned, RTP and RTCP are generally configured to use unprivileged ports in the range 16384-32767.

Since RTP and RTCP do not provide native encryption capabilities, other protocols have been created that guarantee message confidentiality, authentication, integrity, and replay protection. A list of VoIP transport protocols follows.

VoIP Transport Protocol


Real-time Transport Protocol (RTP)

Insecure transport protocol

RTP Control Protocol (RTCP)

Insecure transport control protocol

Secure RTP (SRTP)

Secure transport protocol


Secure transport control protocol

Zimmermann's RTP (ZRTP)

New secure transport protocol proposal

Media transport-based attacks take advantage of inherent weaknesses in the RTP/ RTCP protocols. They usually rely on unencrypted RTP streams and fall into the following two categories: media eavesdropping and injection and manipulation.

Before outlining the attack vectors specifically related to VoIP transport, we will briefly introduce the best noncommercial testing tools available today (see Table 7-2). The majority of them are compatible with the Linux platform. Figure 7-5 shows an example of Wireshark—one of the tools available.



Implementation Testing


Small and simple RTP fuzzer

Fuzzy Packet

A tool to manipulate messages, can fuzz the RTP protocol

Traffic Analysis and Monitoring


Utility that detects all VoIP calls on a pipeline and dumps actual conversations to separate wave files


Utility to convert Cisco IP phone conversations into wave files


Open-source software system for capturing and retrieving audio streams


Another network analyzer with protocol dissectors for SIP, SDP, H.323, RTP, RTCP, and more

Cain & Abel

Network sniffer able to perform MITM attacks and dump VoIP conversations

Table 7-2 Transport Protocol Testing Tools

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook

Post a comment