Re: Pen Testing a PBX (Northern Telecom Meridian-1)

From: Volker Tanger (vtlists@wyae.de)
Date: Thu Sep 08 2005 - 03:39:44 EDT


Good morning (at least over here)!

On 7 Sep 2005 16:00:48 -0000
mmarrero@lloydstsb-usa.com wrote:

> I am about to start a pentest of a PBX system. I was wondering if
> there are any vulnerabilities against this make and model of PBX.
> Also, does anyone know of a paper on how to appropriately conduct a
> pentest. I do not want to miss anything.

Take care not to break things - users are quite impatient with broken
telephony systems, as the availability is experienced/expected with
five-9's (99,999%) and above - at least here in Germany. That's
completely different from computer systems, of which people know and
accept that they do not work now and again.

Do you have to pen-test a cable-mode Meridian or a VoIP-based one? Are
there additional systems like Symphony or media gateway attached?

The Meridian has different interfaces (and IPs) for administration,
trunk/system connection, VoIP linkup etc. that behave quite differently
even in a base system. A complete media gateway usually consists of
multiple Windows and Solaris systems in addition to the Meridian base.

One thing I remember is that one IP interface (management or system
interconnect) was over-sensitive to broadcasts, thus connecting it
directly to an office network was a bad idea. I'm no longer sure whether
it locked up only that module or more parts of the Meridian - or if that
vulnerability still exists.

Btw.: the system documentation is (was? status 2004) quite incorrect in
parts, especially concerning IP stuff. Example: the FW rule suggested
for access *from* PC *to* Meridian (or Gateway) is:
                from PC (src: tcp/0-65535) to System (dst: 22)
        *and* from System (src: tcp/0-65535) to PC (dst: 22)
Again: according to the docs, this is for SSH access from PC to system alone.
Rrrrright...

See the other thread "Pentesting Telephone Systems" for generic TK
system pentesting hints. It is highly recommended to have a Meridian
expert in the back office for questions and suggestions. Especially all
the options that often can still be accessed from a standard (system)
telephone are mind-boggling and way above a standard PBX system. And that
is why there are abuses reported especially on mis- or
under-configured/administrated Meridians.

Good luck!

Volker

-- 
Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@wyae.de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB
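
Added example (not part of the original message, and not vendor or project code): a small packet-filter model run over the two firewall rules quoted in the message, next to the single rule that "SSH from PC to System" needs. The host labels, the sample ports 50000 and 40000, and the filter model itself are constructed assumptions.

```python
from dataclasses import dataclass

ANY = range(0, 65536)
SSH = range(22, 23)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    src: str
    sports: range
    dst: str
    dports: range

    def matches(self, p):
        return (p.src == self.src and p.dst == self.dst
                and p.sport in self.sports and p.dport in self.dports)

# The rule pair quoted from the documentation, and the single rule the stated intent needs.
DOCUMENTED = [Rule("PC", ANY, "System", SSH), Rule("System", ANY, "PC", SSH)]
INTENDED = [Rule("PC", ANY, "System", SSH)]

class Filter:
    def __init__(self, rules, stateful):
        self.rules, self.stateful, self.flows = rules, stateful, set()

    def allow(self, p):
        # Stateful mode: a packet that reverses an already accepted flow is a reply.
        if self.stateful and (p.dst, p.dport, p.src, p.sport) in self.flows:
            return True
        if any(r.matches(p) for r in self.rules):
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        return False

def evaluate(rules, stateful):
    """Return verdicts for (PC->System SSH, its reply, System->PC SSH)."""
    f = Filter(rules, stateful)
    ssh_out = f.allow(Packet("PC", 50000, "System", 22))    # constructed sample
    reply = f.allow(Packet("System", 22, "PC", 50000))      # return traffic
    ssh_back = f.allow(Packet("System", 40000, "PC", 22))   # new session toward the PC
    return ssh_out, reply, ssh_back

if __name__ == "__main__":
    for name, rules, stateful in [("documented/stateless", DOCUMENTED, False),
                                  ("documented/stateful", DOCUMENTED, True),
                                  ("intended/stateful", INTENDED, True)]:
        print(name, evaluate(rules, stateful))
```

In this model the second documented rule never matches the reply packet (source port 22, ephemeral destination port); its only effect is to let the System open new SSH sessions to the PC. With connection tracking, the first rule alone carries the whole session.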


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:51 EDT