IAX Security Attacks
Now that we know the basics of the IAX protocol and its use in authentication, let's discuss some of the many security attacks. In this section, we will discuss the following VoIP attacks on devices using IAX for session setup and media communication:
Username enumeration
Offline dictionary attack (IAX.Brute)
Active dictionary attack
Man-in-the-middle attack
MD5-to-plaintext downgrade attack (IAXAuthJack)
Denial of Service attacks
Registration Reject
Call Reject
HangUP
Hold/Quelch (IAXHangup)
Username Enumeration
IAX usernames can be enumerated, in a manner similar to the process described in Chapter 3 for the H.323 protocol. Username enumeration of valid IAX users can be completed using the enumIAX tool written by Dustin D. Trammel. ...
Get Hacking VoIP now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.