Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: VoIP Pen test

from [rajat swarup] Network Security [Permanent Link]
Subject: Re: VoIP Pen test
Date: Thu, 24 Jan 2008 22:54:36 -0500 
On 23 Jan 2008 18:19:01 -0000,  <sisram2@gmail.com> wrote:

Hi Guys,


As mentioned earlier I have come across couple of Cisco routers having only 
ports 1720 and 5060 OPEN for VoIP service. I have attempted Sivus, SIPscan 
and Protos Fuzzer but invain.




Did you try port scanning on the TFTP UDP port? Check that
out....there's also a tool called TFTPBruteForcer (in perl) that could
be helpful.  Also, sniff on the VLAN (if you can) hosting the VoIP
infrastructure you could get SNMP strings that could give you more
information.  Attempt ARP spoofing between 2 systems if you can so you
don't cause a massive DoS and you could potentially steal
conversations with Cain (http://www.oxid.it).

Hope it helps,
Rajat.
-- 
Rajat Swarup

http://rajatswarup.blogspot.com/

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Wfuzz v1.4 - The web bruteforcer, Christian Martorella
Next by Date:  Oracle password cracker, ahgaber_rehan
Previous by Thread:  RE: VoIP Pen test, Perez, Carlos (Puerto Rico)
Next by Thread:  Re: Faxing and PCI DSS compliance, Nervous
Indexes:  [Date] [Thread] [Top] [All Lists]