RE: VOIP Security

• Previous message: philippe.nospam.oechslin_at_objectif-securite.nospam.ch: "Re: Passwords with Lan Manager (LM) under Windows"
• Maybe in reply to: Alvin: "VOIP Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <pen-test@securityfocus.com>
Date: Fri, 23 Sep 2005 08:12:29 -0700

There is the possibility that you can attack the company's switch,
possibly getting into it and reconfigure lines or phone features.
Depending on how the phone system is set up, there are possibilities for
other mischief - some setups let you use the phone as a hub for computer
network connectivity. With a little effort you may be able to spoof a
target VoIP phone, or possibly the boot/tftp server and serve your own
config and code to any phones that are booting up. The possibilities are
nearly endless unless the VoIP network has had a lot of serious thought
and effort into how it has been built and secured.

Ian Hayes | Senior Systems Engineer
Wynn Las Vegas
3131 South Las Vegas Blvd, Las Vegas, NV 89109
Ph (702) 770-3252 | Cell (702) 266-6002
Ian.hayes@wynnlasvegas.com
 
> -----Original Message-----
> From: Alvin [mailto:alvind12@ftml.net]
> Sent: Wednesday, September 21, 2005 9:16 PM
> To: pen-test@securityfocus.com
> Subject: VOIP Security
>
> List,
>
> What can be the security implication if I bypassed firewall for VOIP
> traffic and directly route it from router to PABX.
>
> Assuming - This VOIP traffic is coming from trusted partner's network
> but I dont have any control on thier nework at this point of time.
>
> Comments and Suggestions willl be appreciated !!!
>
> Regards
> Al
> --
> Alvin
> alvind12@ftml.net

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Previous message: philippe.nospam.oechslin_at_objectif-securite.nospam.ch: "Re: Passwords with Lan Manager (LM) under Windows"
• Maybe in reply to: Alvin: "VOIP Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: VOIP Pen-Testing ... > Does anyone do VOIP pen-testing? ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ... (Pen-Test) SF new article announcement: Two attacks against VoIP ... Two attacks against VoIP ... eavesdrop in to VoIP communications. ... We enjoy publishing article submissions from the community. ... (Security-Basics) New article on SecurityFocus: Two attacks against VOIP ... The following Infocus article was published on SecurityFocus recently: ... Two attacks against VoIP ... We enjoy publishing article submissions from the community. ... (Pen-Test) Re: Voice encryption (Stream vs CBC mode) ... >> And I still don't know of any forgery attacks that are of importance in a ... > matters to your VoIP application, ... Suppose 64 packets per second, ... Compression takes c ms, encryption ... (sci.crypt) RE: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP ... My intention was not a worm that spreads by ASN1 but one that locates VoIP ... based communication and attacks it! ... Here is a simple description of the h323 protocol, BASED ON ASN1, feel free ... (Bugtraq)