It happens that i wrote some scripts to play with UA Noe protocol and automate voice vlan penetration using AVA. They bring, i think, through many imperfections, novelties to the ALU security testing world, since there was nearly nothing there on the web (or let say that i didn't find anything ...). you can find them on the following web site: www.cedric-baillet.fr.
I would really enjoy sharing those scripts and have feed back on them.
AlcatelCallBreaker:
------------------
I’ve develop AlcatelCallBreaker for a security demo exposed during the 2008 Alcatel forum. The idea was to have a script that let me play with the proprietary UA Noe signaling protocol to show that encryption of signaling protocol was important.
This script is only effective in a small lab of two or tree ip phones.
The idea there is to do a man in the middle attack to identify signaling flows between the call server and the ip phones. Once they are identified, the script will send the on hook UA Noe sequence to ip phones. They will be frozen and should reboot a few minutes later.
This script was developped under linux kubuntu 7.10.
It need:
scapy (1.1)
ettercap
python (2.5)
Plawava:
---------------
Plawava (Playing with AVA) is a script dedicated to Alcatel Lucent voip environment. I’v�one it to present a security demo at the 2008 Alcatel forum. The idea was to reproduce the voiphopper functionnality, meaning introduce as simply as possible a PC in the voice vlan. Considering the fundamental difference between Cisco And Alcatel solution, it is clear that they do not work with the same mechanisms.
The first step of this script send a DHCP message to make the DHCP server react and receive a DHCP answer with the voice vlan number.
The second step is to capture the answer and analyze it.
Final step consist of configuring the pc network interface in the voice vlan using the vconfig linux command.
The script was develop under linux kubuntu 7.10 using
perl
Net::RawIP
Net::DHCP
Net::Pcap
FAVV (Find Active Voice VLAN)
------------------------------
FAVV (Find Active Voice VLAN) is the script of last chance if voiphopper or plawava are not working. The idea there is to create subinterface in all the VLAN and see if we can obtain an ip address. If you’ve � one, the chance are important that it’s the�ice vlan
FAVV was developped under linux Kubuntu 7.10 with perl. You will need the vlan util package to create the subinterfaces.
