IAX Security Attacks

Now that we know the basics of the IAX protocol and its use in authentication, let's discuss some of the many security attacks. In this section, we will discuss the following VoIP attacks on devices using IAX for session setup and media communication:

  • Username enumeration

  • Offline dictionary attack (IAX.Brute)

  • Active dictionary attack

  • Man-in-the-middle attack

  • MD5-to-plaintext downgrade attack (IAXAuthJack)

  • Denial of Service attacks

    • Registration Reject

    • Call Reject

    • HangUP

    • Hold/Quelch (IAXHangup)

Username Enumeration

IAX usernames can be enumerated, in a manner similar to the process described in Chapter 3 for the H.323 protocol. Username enumeration of valid IAX users can be completed using the enumIAX tool written by Dustin D. Trammel. ...

Get Hacking VoIP now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.