Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: VoIP testing Help

from [Ozgur Ozdemircili] Network Security [Permanent Link]
Subject: Re: VoIP testing Help
Date: Thu, 28 Jul 2005 17:46:51 +0300 
Have you tried the program called VOIPONG?. It is was exactly developed for
that. Check out
http://www.enderunix.org/voipong/index.php?sect=screenshot&lang=en
Cheers,

Ozgur Ozdemircilli
Enderunix

----- Original Message -----
From: "Mark Sec" <mark.sec@gmail.com>
To: "Mark Teicher" <mht3@earthlink.net>
Cc: "Hazim" <hazim@scan-associates.net>; "Clement Dupuis"
<cdupuis@cccure.org>; <security-basics@securityfocus.com>;
<pen-test@securityfocus.com>; <Voipsec@voipsa.org>
Sent: Wednesday, July 27, 2005 8:57 AM
Subject: Re: VoIP testing Help


Good thanks for all ur answers, but has anyone the strings under
tcpdump? only the string to capure the trafic VoIP with tcpdump,
examples ? and how to converts the to wave file with vomit?

cheers :-)
/mark.



On 22/07/05, Mark Teicher <mht3@earthlink.net> wrote:

Assembling an arsenal of VoIP Security Tools to assess various VoIP

platforms is quite cumbersome and much different from cobbling together  a
list of non-commercial network security tools and commercial network
security tools.  SiviUS is a nice tool but it is not quite complete, as it
does not test for H.323 or SIP transformation validation and other such
features.


Being able to have a product that is capable of producing threshold index

on various VoIP measurements including a security index on the specific
vulnerabilities it checks for would be a great help in accessing a network
infrastructure migrating to VoIP or reviewing a newly integrated VoIP
solution.


Measurement                     Rating                   Index
MOS                               1.0 --> 200.00         1-->5
Delay
Jitter
Loss

Results accumulated by x number of endpoints, and pertinent variables:

(RTP, Jitter, RTP, QOS, Frame Compression, Payload (GSM, G711, etc), Min
calls, Max calls, cycle


Includes a packet capture and playback feature (mostly likely Ethereal

with statistical plug-ins)

Can be run from any platform (.tar.gz for U*nix and installshield for

Windows especially for those security consultants who are far from click
here, crank there methodology.

Security Feature checking ability (oscheck for specific VoIP products,

using nmap will reveal the underlying operating system (sometimes
attractive) but one is more interested in what the particular VoIP vendor
implemented on top of the underlying operating system, or if certain
libraries have been removed to avoid the "oops, can be compromised
warning/red flagging" the hopped up on "RED BULL" or "CROSS YOUR HEART:
security consultants tend to point out in the fancy long-winded report.


If a VoIP assessment report is more than 10 pages without a fair amount of

self-explanatory graphs, "do not pass GO, and start again"



-----Original Message-----
From: Hazim <hazim@scan-associates.net>
Sent: Jul 21, 2005 10:34 PM
To: Clement Dupuis <cdupuis@cccure.org>
Cc: 'Mark Sec' <mark.sec@gmail.com>, security-basics@securityfocus.com,
       pen-test@securityfocus.com, Voipsec@voipsa.org
Subject: Re: VoIP testing Help

Clement Dupuis wrote:


Do take a look at Cain & Abel (www.oxid.it) they have a voip sniffer and

it

does work ver well with some implementation.

On top of all that: it is FREE

Have fun

Clement


Clément Dupuis, CD
President/Security Evangelist/Chief Learning Officer (CLO)
CCCure Enterprise Security & Training Inc.
CISSP, GCFW, GCIA, Security+, CEH, CCSA, MBNS, MBIS, MBHS, CCSE, ACE
Tel: 954 364 8410 (Florida)
Tel: 514 907 1671 (Montreal)
Tel: 418 907 0263 (Quebec)
Fax: 636 773 6328

Maintainer of :

The CISSP and SSCP Open Study Guides Web Site
http://www.cccure.org

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org





-----Original Message-----
From: Mark Sec [mailto:mark.sec@gmail.com]
Sent: Wednesday, July 20, 2005 6:58 PM
To: security-basics@securityfocus.com; pen-test@securityfocus.com;
Voipsec@voipsa.org
Subject: VoIP testing Help

Alo Folks:

Well now we have a audit over VoIP , we need whitepappers, tools ,
links...

the big problem may be are the tools, for example we need "examples"
or "PoC like sniffing over VoIP whith tools tcpdump and Ethereal, how
to convert the traffic to .wav file , Which are the strings over my
shell use tcpdump, opensource and comercial tools.

thanks for all ur help :-)

- Mark











I think Cain & Abel will have a problem with g723 codec. I've tried
sniff using Ethereal and it works well. Just that u need some additional
tools such as JmStudio and rptplay.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Identification of non Cisco AP's, Jonathan Gauntt
Next by Date:  Re: Some trouble with yersinia, David Barroso
Previous by Thread:  Re: VoIP testing Help, Mark Sec
Next by Thread:  Re: VoIP testing Help, druid
Indexes:  [Date] [Thread] [Top] [All Lists]