The End of the PSTN As You Know It presented at DEF CON 20

by Jason Ostrom, Jkarl Feinauer, William Borskey

Summary: In this talk, we will explore the so-called market
buzz of UC Federation. Rather, we will kick this
term to the bit bucket, and present an overview
of how the industry is deploying these solutions
technically. We will take a closer look at the security
of being able to use UC between organizations,
advertised using DNS, the same way that
companies use UC internally for VoIP, HD Video,
data sharing, IM & Presence, and collaboration
applications. This talk is divided into three sections.
First, we'll share our research on the state
of public SIP peering using DNS SRV. Is SIP
peering proliferating? How? What does it
mean? Using a PoC research tool, we'll look at
some initial data we've found, in order to plot
the increase of peering using DNS SRV records
for SIP service location advertisement.
Second, we will show the audience findings
from our UC Federation Honeypot research
project. We've built a UC solution using a large
commercial vendor, and have tested Federation
with the help of the Global Federation Directory.
Just to see what would happen. We've also set
up a network of cloud-based UC Federation
honeypots using open source software, to explore
attacks against UC Federation Systems.
Last, we show it can be done and how. Did you
know that you can set up your own VoIP server
with DNS-based routing and HA and directly
peer between VoIP servers, providing services
for your friends and your company from your
favorite BYOD using an address just like your email
address, right now? For little to no cost, using
open source software? It's interesting that when
companies communicate VoIP inter-domain, the
most prevalent architecture is to route calls over
a private network, or through a carrier connected
to the PSTN. Ironically, the infrastructure has
existed for years to do direct public SIP peering.
We'll explore this concept of Islands of VoIP, and
bring together our security research findings in this
area along with industry roadblocks. Can a more
open standard protocol be adopted using existing
open source software, to easily UC Federate
between different vendors? We think this is the
future. It's exciting, and we want to show it to you.