Long Island

Chapter Meetings
Scroll down to see the upcoming Long Island OWASP events

RSVP REQUESTED

Date: 3/18/10 Thursday
Time: 6:30 - 8pm
Place: Adelphi Garden City Campus, Ruth S. Harley University Center, room 210

Campus Map: The University Center is in the center of the campus, all the way to the North (marked as UNC).

Directions: Via the Long Island Expressway (Route 495)

Traveling east: Take the L.I.E. to Exit 34 South or the Northern State Parkway to Exit 26 South (New Hyde Park Road). Turn right onto New Hyde Park Road. Continue south on New Hyde Park Road for approximately 3 miles. Turn left onto Stewart Avenue. At the fourth light, turn right onto Nassau Boulevard. Continue for approximately a quarter of a mile. At the first light (as soon as you cross over the railroad tracks), make a left onto South Avenue. The entrance to campus will be on your right.

Traveling west: Take the L.I.E. to Exit 39 South or the Northern State Parkway to Exit 31 (Glen Cove Road). Go south. (Note: the road will change from Guinea Woods Road to Glen Cove Road to Clinton Road). Turn right onto Stewart Avenue. Go one mile and at the T-junction turn left onto Hilton Avenue. Immediately after crossing the railroad tracks, turn right onto Sixth Street. Continue onto South Avenue. The entrance to campus will be on your left.

Speakers: (TBD)

Blake Cornell, OWASP Board Member NY/NJ/LI

Session Initiation Protocol Bounce Attacks: Enumeration of Networked Addressing and Services With Timing Attacks and Other Vectors

The SIP Bounce Attack is similar in nature to the File Transfer Protocol (FTP) Bounce Attack. SIP allows an attacker to communicate with any Internet Protocol (IP) address or Fully Qualified Domain Name (FQDN) and their respective UDP or TCP port numbers. Utilizing precise timing algorithms, it is possible to enumerate the address allocation of private networks (2) and determine the state of their ports. This is possible without authentication.

There is an increasing trend to host SIP services publicly on the Internet behind Demilitarized Zones (DMZ), firewalls and Access Control Lists (ACLs). The ability to bounce traffic through a protected system and analyze the response data is quite risky.

If a consumer-grade VoIP product were reliably vulnerable to SIP bouncing, an attacker could have a plethora of possible zombie proxies to choose from.

These and other risks will be discussed.

''Free pizza and beverages will be provided. After-event networking will be held at a local bar.''

Come prepared for an evening of networking with your industry peers. We invite all attendees to food and libations after the meeting at a local venue TBA. If you join our mailing list, you will receive details of the meeting as soon as they are finalized. To be a co-sponsor for this or a future meeting, consider annual chapter sponsorship. If you can host an upcoming meeting, please contact a LI board member.

Chapter Leaders/Contacts
 
 * [mailto:heleng@owasp.org Helen Gao, CISSP]
 * [mailto:ryan.behan@owasp.org Ryan C Behan]
 * [mailto:blake@owasp.org Blake Cornell] 212-202-6704