Re: VoIP pentest ?

From: Volker Tanger (volker.tanger@detewe.de)
Date: Thu Oct 28 2004 - 11:32:20 EDT

• Next message: Richard Zaluski: "RE: An idiot question"
• Previous message: Jeffrey Clark: "Re: TS/3389 risk on Internet"
• In reply to: Frederic Charpentier: "VoIP pentest ?"
• Next in thread: Mark Teicher: "Re: VoIP pentest ?"
• Reply: Mark Teicher: "Re: VoIP pentest ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Greetings!

On Wed, 27 Oct 2004 11:28:51 +0200 Frederic Charpentier
<fcharpen@xmcopartners.com> wrote:
> does anyone have experiences or papers on VoIP pentest/assessment ?
> Expecting classic OS/Network audits and H323/ASN.1 flaws, I can't find
> any documentations or papers about flaws in VoIP architecture.

VoIP (SIP and H.323) do media transfer via (unencrypted) RTP/RTCP.
SIP is a simple, unauthenticated cleartext protocol. H.323 similar
(binary and more complex, but still unauthenticated).

With ARPspoofing etc. it is simple to listen to voice streams or call
setup - or change it. So re-routing voice streams or calls should be
simple.

Quite a high percentage of systems were/are susceptible to buffer
overflows it seems (forgot the URL - about half a year ago).

For other fun with SIP see e.g.
http://www.infoanarchy.org/story/2004/9/15/23127/3363

Bye

Volker Tanger
ITK Security

• Next message: Richard Zaluski: "RE: An idiot question"
• Previous message: Jeffrey Clark: "Re: TS/3389 risk on Internet"
• In reply to: Frederic Charpentier: "VoIP pentest ?"
• Next in thread: Mark Teicher: "Re: VoIP pentest ?"
• Reply: Mark Teicher: "Re: VoIP pentest ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:07 EDT