Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: VoIP pentest ?

from [Volker Tanger] Network Security [Permanent Link]
Subject: Re: VoIP pentest ?
Date: Thu, 28 Oct 2004 17:32:20 +0200 
Greetings!

On Wed, 27 Oct 2004 11:28:51 +0200 Frederic Charpentier
<fcharpen@xmcopartners.com> wrote:

does anyone have experiences or papers on VoIP pentest/assessment ?
Expecting classic OS/Network audits and H323/ASN.1 flaws, I can't find
any documentations or papers about flaws in VoIP architecture.


VoIP (SIP and H.323) do media transfer via (unencrypted) RTP/RTCP.
SIP is a simple, unauthenticated cleartext protocol. H.323 similar
(binary and more complex, but still unauthenticated). 

With ARPspoofing etc. it is simple to listen to voice streams or call
setup - or change it. So re-routing voice streams or calls should be
simple.

Quite a high percentage of systems were/are susceptible to buffer
overflows it seems (forgot the URL - about half a year ago). 

For other fun with SIP see e.g.
http://www.infoanarchy.org/story/2004/9/15/23127/3363

Bye

Volker Tanger
ITK Security
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: TS/3389 risk on Internet, Jeffrey Clark
Next by Date:  RE: An idiot question, Richard Zaluski
Previous by Thread:  Frontpage files, Burnett, Robert
Next by Thread:  Re: VoIP pentest ?, Ofir Arkin
Indexes:  [Date] [Thread] [Top] [All Lists]