Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: VoIP security

from [Joshua Berry] Network Security [Permanent Link]
Subject: RE: VoIP security
Date: Thu, 21 Apr 2005 08:34:35 -0500 
There are programs out there capable of replaying VoIP sessions:

Vomit:
http://vomit.xtdnet.nl/
The vomit utility converts a Cisco IP phone conversation into a wave
file that can be played with ordinary sound players. Vomit requires a
tcpdump output file. Vomit is not a VoIP sniffer also it could be but
the naming is probably related to H.323.

I haven't found any others but it is definitely possible.  VoIP travels
over IP and therefore can be encrypted through IPSec tunnels or other
means but I doubt most ISP's are doing that right now.

-----Original Message-----
From: Seth Art [mailto:sethart@gmail.com] 
Sent: Wednesday, April 20, 2005 8:52 AM
To: security-basics@securityfocus.com
Subject: VoIP security

My coworker had an interesting question.  She had to validate her
credit card number over the phone using her social and other sensitive
information.  She has a VoIP router from her ISP.  The question: Are
the VoIP packets encrypted as they go across the wire?   Or can
someone sniffing in the right place capture all of that sensitive VoIP
traffic and reassemble her CC# and SS# from the tones? Is this
somethign that might be an issue in the future or is there already an
answer out there?

-Seth
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Dynamically assign a computer in a VLAN, Oleksandr Darchuk
Next by Date:  Re: Steps to avoid Social Engineering, Dave Peters
Previous by Thread:  Re: VoIP security, Pbt
Next by Thread:  Re: VoIP security, Mihai Amarandei
Indexes:  [Date] [Thread] [Top] [All Lists]