Are there free fuzzing tools to test VoIP security?
Fuzzing is a form of stress testing using malformed packets. Fuzzing is also known as functional protocol testing or robustness testing. It is usually used to automate vulnerability discovery. It finds bugs and vulnerabilities by producing different packet types that target a protocol. The fuzzing attack pushes the protocol’s design specifications to the breaking point. It is often used by developers and vendor internal QA groups to test their protocol implementations. It is dangerous to assume that the protocol implementations produced by a vendor are all identical. The protocol software can vary by software release and version. Chapter 11 of “Hacking VoIP Exposed,” www.hackingvoip.com, provides a more in-depth discussion of the technique. The electrical engineering department at Finland’s University of Oulu has been working on VoIP security issues and has a good site to access. This site deals with specific signaling protocol attacks. Another resource is a long presentation by Hendri
