It’s a good indication that VoIP is catching the fancy of Indian consumers. According to a report in Techshout, Mahanagar Telephone Nigam Ltd (MTNL) has launched an Internet telephony or Voice over Internet Protocol (VoIP) service, which offers very inexpensive call rates for its customers in India. MTNL is the Broadband voice and data telecom services provider for the metros of Delhi and Mumbai in India. MTNL has joined hands with Aksh Optifibre to offer this service.
The service is called Netfone and it allows users to make inexpensive VoIP calls to more than 150 countries.
Initially, Netfone will be available on a prepaid basis and will also be available to all MTNL PCO holders. The customers will be given the choice of two types of plans. In the first plan, for a monthly rental of Rs 200, you can get 400 minutes of SIP-to-SIP calls free and 20 paise per minute subsequently. This plan is called Plan VoIP 200. In the second plan, you will pay a monthly rental of Rs 400 and get 800 minutes of SIP-to-SIP calls free and 10 paise per minute thereafter.
Now, here comes the best part. As most of the consumers in India do not yet have Internet connections at their homes, MTNL has come up with an option to make calls without a PC or the Internet connection! All you need is an adaptor (provided by MTNL) which will be attached to the fixed phone. This adaptor converts the phone into an (IPD) Internet protocol device. Says R S P Sinha, chairman and managing director, “We are now all set to connect the people of our country with the world and I am confident that people would be delighted with the service and demand would certainly increase.”
And if customers are fortunate enough to have a PC and Internet connection, their international call rates drop down to as low as 10 paise per minute (100 paise is equal to 1 Re and at the current rate, approximately 40 rupees equal one U.S. dollar).
Tuesday, August 28, 2007
VOIP vulnerabilities
VOIP means voice over IP, and IP means vulnerabilities. Weaknesses with Session Initiation Protocol for VOIP are well-known, but other widely used protocols such as H.323 and IAX get less attention, according to Himanshu Dwivedi, founding partner at iSec Partners.
“H.323 and IAX are just as bad as SIP, if not worse,” Dwivedi said Wednesday at the Black Hat Briefings security conference.
It can be relatively simple for anyone with access to a network to compromise the call set-up protocols, and Dwivedi and iSEC partner Zayne Lackey proved it with a demonstration of attack tools.
Although SIP may be better known, H.323 is the most widely used protocol in enterprise VOIP environments because of its stability and scalability. IAX is gaining in popularity for use with the Asterisk open-source PBX.
But both H.323 and IAX authenticate to their gatekeepers using MD5 hashing to hide the password. But the elements used with the password to create the hash are transmitted in the clear, making it possible to run an offline dictionary attack against the hash to determine the password. This is an especially simple job for a VOIP telephone where the password will just be numeric, rather than alphanumeric.
“Nine times out of ten you will find that password” with a dictionary attack, Dwivedi said.
IAX passwords can be cracked even more easily because the hash is created from only two elements. Attackers can make up rainbow tables requiring only a look-up of a corresponding password from the hash with no real computation involved.
Authorization to the network can be just as easy to attack by finding the authorization key. Phones also can be blocked from being authorized on the network by sending a spoofed rejection packet.
Once an attacker controls the authentication and authorization of a phone, he can control that phone, impersonate it or gain unauthorized access to the network. Denial-of-service attacks against the protocols are easier.
“Making the VOIP phone unavailable is not very hard,” Dwivedi added.
The protocols can support better security, but products examined by Dwivedi and Lackey did not implement it, they said.
Original article from here
“H.323 and IAX are just as bad as SIP, if not worse,” Dwivedi said Wednesday at the Black Hat Briefings security conference.
It can be relatively simple for anyone with access to a network to compromise the call set-up protocols, and Dwivedi and iSEC partner Zayne Lackey proved it with a demonstration of attack tools.
Although SIP may be better known, H.323 is the most widely used protocol in enterprise VOIP environments because of its stability and scalability. IAX is gaining in popularity for use with the Asterisk open-source PBX.
But both H.323 and IAX authenticate to their gatekeepers using MD5 hashing to hide the password. But the elements used with the password to create the hash are transmitted in the clear, making it possible to run an offline dictionary attack against the hash to determine the password. This is an especially simple job for a VOIP telephone where the password will just be numeric, rather than alphanumeric.
“Nine times out of ten you will find that password” with a dictionary attack, Dwivedi said.
IAX passwords can be cracked even more easily because the hash is created from only two elements. Attackers can make up rainbow tables requiring only a look-up of a corresponding password from the hash with no real computation involved.
Authorization to the network can be just as easy to attack by finding the authorization key. Phones also can be blocked from being authorized on the network by sending a spoofed rejection packet.
Once an attacker controls the authentication and authorization of a phone, he can control that phone, impersonate it or gain unauthorized access to the network. Denial-of-service attacks against the protocols are easier.
“Making the VOIP phone unavailable is not very hard,” Dwivedi added.
The protocols can support better security, but products examined by Dwivedi and Lackey did not implement it, they said.
Original article from here
Monday, August 27, 2007
The IP telephony Cookbook
The IP telephony Cookbook is a reference document addressing technical issues for the set-up of IP telephony solutions. Its goal is to provide the user community with guidelines and information about the IP telephony world and everything related to it. Since the Cookbook is intended to be a technical document, the main target audience are the network engineers and system administrations at universities and (NRENs); however, university students and researchers may find it useful both for enriching their technology background as well as for finding information about advanced research topics and projects in the European community.
Read the book here
Read the book here
Thursday, August 23, 2007
Understanding VoIP
This idea of VoIP is certainly not new, as there are research papers and patents dating back several decades and demonstrations of the concept given at various times over the years. VoIP took center stage with the "information super highway" (or, the Internet) concept that was popularized by former Vice President Al Gore in the 1990s, as the Internet would make it possible to interconnect every home and every business with a packet-switched data network. Before Al Gore's effort to grow the Internet, the Internet was generally limited to use in academic environments, but the possibility of mass deployment of the Internet sparked this renewed interest in VoIP.
Read the full paper from Understanding VoIP
Read the full paper from Understanding VoIP
Subscribe to:
Comments (Atom)