There is the possibility that you can attack the company's switch,
possibly getting into it and reconfigure lines or phone features.
Depending on how the phone system is set up, there are possibilities for
other mischief - some setups let you use the phone as a hub for computer
network connectivity. With a little effort you may be able to spoof a
target VoIP phone, or possibly the boot/tftp server and serve your own
config and code to any phones that are booting up. The possibilities are
nearly endless unless the VoIP network has had a lot of serious thought
and effort into how it has been built and secured.
Ian Hayes | Senior Systems Engineer
Wynn Las Vegas
3131 South Las Vegas Blvd, Las Vegas, NV 89109
Ph (702) 770-3252 | Cell (702) 266-6002
Ian.hayes@wynnlasvegas.com
-----Original Message-----
From: Alvin [mailto:alvind12@ftml.net]
Sent: Wednesday, September 21, 2005 9:16 PM
To: pen-test@securityfocus.com
Subject: VOIP Security
List,
What can be the security implication if I bypassed firewall for VOIP
traffic and directly route it from router to PABX.
Assuming - This VOIP traffic is coming from trusted partner's network
but I dont have any control on thier nework at this point of time.
Comments and Suggestions willl be appreciated !!!
Regards
Al
--
Alvin
alvind12@ftml.net
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
