Point, Click, Rtpinject presented at Blackhat USA 2007

by Alex Garbutt,

Tags: Security Media

Summary : The Realtime Transport Protocol (RTP) is
a common media layer shared between H.323, SIP, and Skinny (SCCP) VoIP
deployments. RTP is responsible for the actual voice/audio stream in
VoIP networks; hence attacks against RTP are valid against the bulk VoIP
installations in enterprise environments. Since signaling
(H.323/SIP/SCCP) and media transfer (RTP) are handled by two separate
protocols, injecting audio into a stream is often the most damaging
attack against RTP. RTP is vulnerable to audio injection due to its lack
of integrity protection and its wide tolerance of sequence information.