Re: Conducting Risk Assessment for VOIP and Thin Client
- From: "Jezebel Ali" <jezebel_ali@xxxxxxxx>
- Date: Fri, 23 Jun 2006 18:14:06 +0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Good day esteemed brother Chris Hammer,
You may look at assessment in many way. One: Capture voice traffic
from network and listen in on conversation. Two: Compromise VoIP
servers. Three: Bad configure telephones.
On capture voice traffic, usually there are one network reserved
for voice traffic. Sometime one large organization may have one
network per floor or switch. It may be possible to hop onto VLAN
by using 802.1q tagging. Try first and sniff for VLAN traffic on
network using Ethereal. Usually, also VoIP phones can request IP
address via DHCP. If this is case, then after you have hopped onto
VLAN, use DHCP. You will have to use intrusive technique of ARP
poison in order to capture voice traffic after. I have used tool:
Voipong (http://www.enderunix.org/voipong/) It may difficult for
VLAN hop on MS Window environment, but perhaps your latest NIC
driver has capability. Of course, if you able, then utilize Cain
(http://www.oxid.it/cain.html) Perhaps utilize Ettercap for ARP
spoofing also.
On compromise server, it is simply case of perform VA and gain
access. If you have time, it may be possible to see how server
handle bad packet VoIP signaling protocols. Perhaps then you may
be able to crash or exploit server soft. Also think DHCP starving
of server then issue own DHCP address.
On compromise bad phone, check phone device itself. It may
possible that phone bad configured. Check for listen-into
conversation capability. Sometime supervisor has this ability.
It are many ways of playing with VoIP. Enjoy. Sorry my bad
english.
Kind regards,
Jez
On Wed, 21 Jun 2006 18:40:04 +0400 Chris Hammer <CHammer@xxxxxxxxx>
wrote:
Good morning,-----BEGIN PGP SIGNATURE-----
I have been tasked with conducting a Risk Assessment /
Vulnerability
Assessment on a VOIP and Thin Client environment. Does anyone
have a
good template to start with, as well as ideas as to where to
start? I am
familiar with both of these technologies and understand how they
work
but I by no means an expert on them. Any help would be
appreciated!
Cheers!
Chris
The information in this email is confidential and may be legally
privileged. It is intended solely for the addressee. Access to
this
email by anyone else is unauthorized. If you are not the intended
recipient, any disclosure, copying, distribution or any
-------------------------------------------------------------------
-----------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's
Choice Award from eWeek. As attacks through web applications
continue to rise,
you need to proactively protect your applications from hackers.
Cenzic has the
most comprehensive solutions to meet your application security
penetration
testing and vulnerability management needs. You have an option to
go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed
service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to
confirm your
results from other product. Contact us at request@xxxxxxxxxx for
details.
-------------------------------------------------------------------
-----------
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5
wpwEAQECAAYFAkSb9y4ACgkQC68hZJzwc9h3iwP+PjVYUUeiDdnNG5e9GJp/ohYwqiBc
eMwLiHH+do2BtZlW7z/yh4O036/4BA8OW98eJq5mdsaCGl7Srj/+AmASJZ3nF4EGPFVU
YMIFFAPZLR3JqZft6eMoL8D31s4T1B6ujL8dYdC/Kz8sJOGNo3Bb6kJcHB48hBD5F1K0
n5PccRM=
=YChN
-----END PGP SIGNATURE-----
Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@xxxxxxxxxx for details.
------------------------------------------------------------------------------
- Prev by Date: Re: I forget the name of a tool
- Next by Date: RE: Unix auditing tools - Windows based.
- Previous by thread: Re: Conducting Risk Assessment for VOIP and Thin Client
- Next by thread: I forget the name of a tool
- Index(es):
Relevant Pages
|
