RE: Pen testing a VOIP gateway

From: Brass, Phil (ISS Atlanta) (PBrass@iss.net)
Date: Thu Sep 12 2002 - 18:01:53 EDT


I have looked a tiny bit at this problem. There does not seem to be
much info outside the telcos if you run into the H.323 family of protocols
(port 1720?). In fact, these protocols appear to be copyrighted and you
can spend quite a bit of money buying all the different specifications.
However, there is an open-source project called, oddly enough, OpenH323
(http://www.openh323.org) that provides a stack, gateway, and softphone
implementation, among other things.

However, if you run into SIP (Session Initiation Protocol
ftp://ftp.rfc-editor.org/in-notes/rfc3261.txt), there are some known
problems that Ofir Arkin gave an excellent presentation on at this
year's Black Hat Briefings. I believe SIP runs over UDP by default,
which opens it up to some spoofing attacks, especially for people who
can sniff traffic between the endpoints. These attacks include denial
of service and man-in-the-middle attacks. Anyhow, the presentation is a
great intro to SIP and its problems.

It's available at:
http://www.sys-security.com/archive/conferences/blackhat/USA2002/ET_Can't_Phone_Home_-_VoIP_Security_[BH_USA_2002].zip

Hope this helps, and I'd love to hear if you find out any more info or
come across some good audit tools for VoIP...

Phil

> -----Original Message-----
> From: Marco van Zanten [mailto:marco.van.zanten@capgemini.nl]
> Sent: Thursday, September 12, 2002 7:24 AM
> To: pen-test security focus
> Subject: Pen testing a VOIP gateway
>
>
> Experts,
>
> I'm asked to do an external pen test on a VOIP gateway.
>
> In my opinion this is nearly impossible. (maybe if you use a
> gateway yourself, or softphone application to attack?) I
> can't find any info on this subject. There is enough info on
> securing the VOIP env. internally, but that is not the problem here.
>
> Can anyone argue or confirm my thoughts?
>
> Any help is appreciated.
>
> Thanks in advance,
>
> MM
>
> --
> ****************************************************************************
> This message contains information that may be privileged or
> confidential and is the property of the Cap Gemini Ernst &
> Young Group. It is only intended for the person to whom it is
> addressed. If you are not the intended recipient, you are not
> authorized to read, print, retain, copy, disseminate,
> distribute, or use this message or any part thereof. If you
> receive this message in error, please notify the sender
> immediately and delete all copies of this message.
> ****************************************************************************
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA) Service. For more information on
> SecurityFocus' SIA service which automatically alerts you to
> the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:25 EDT