Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Fw: Voip security

from [Sony C] Network Security [Permanent Link]
Subject: Fw: Voip security
Date: Sun, 26 Nov 2006 06:46:39 -0800 (PST) 
Hello Mike,



We are glad to see that Sivus is being used for your VoIP scanning. 

Sivus is currently being updated with a new engine for better multithreading, 
linux support, new test cases and a host of other features including a new 
interface.

 H.323 has been planned for late next year. 

We intend to add Skinny and MGCP as well.

If you have any specific requests for features please let us know.



Regards,

Sony C. (for the Sivus Development Team).

 



----- Original Message ----

From: Mike Klingler <whitehatguru@gmail.com>

To: pen-test@securityfocus.com

Sent: Saturday, November 25, 2006 7:27:28  PM

Subject: Voip security



Working on a recent pen test I ran across a system which was a Cisco

Voip gateway allowing SIP and H.323 protocols externally.  Only those

two ports were available.



1)  I fired up Sivus to scan the SIP protocol and found that it

allowed unauthenticated invite messages into the server.  I follow

this up with further research utilizing netcat to receive messages.

After the initial "200 trying" response I received a couple of "403

forbidden" responses.  My understanding is that the 200 trying meant

that the gateway passed the message back to the back end server and

that server gave the forbidden.  Yet Sivus flagged the vulnerability

as High.  Am I right in assuming if I knew more about the layout I

could try such attacks as a denial of service by ringing all of their

phones at the same time, or sending SPIT?  What potential  flaws could

come from this?



2)  They also had the H.323 protocol available, but SiVUS doesn't

support scanning of that protocol yet.  Anyone know of tools,

methodologies to test this protocol?



Thanks Guys,

Mike Klingler




















__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Windows 2003 - Dumping Service Passwords, Jessie Ling XX (MC/EPA)
Next by Date:  [Full-disclosure] The state of JavaScript Hacking, pdp (architect)
Previous by Thread:  Voip security, Mike Klingler
Next by Thread:  Re: Voip security, Marco Ivaldi
Indexes:  [Date] [Thread] [Top] [All Lists]