RE: VOIP Security

From: Hayes, Ian (Ian.Hayes@wynnlasvegas.com)
Date: Fri Sep 23 2005 - 11:12:29 EDT

• Next message: Laurent Constantin: "Re: Topology discover"
• Previous message: philippe.nospam.oechslin@objectif-securite.nospam.ch: "Re: Passwords with Lan Manager (LM) under Windows"
• Maybe in reply to: Alvin: "VOIP Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

There is the possibility that you can attack the company's switch,
possibly getting into it and reconfigure lines or phone features.
Depending on how the phone system is set up, there are possibilities for
other mischief - some setups let you use the phone as a hub for computer
network connectivity. With a little effort you may be able to spoof a
target VoIP phone, or possibly the boot/tftp server and serve your own
config and code to any phones that are booting up. The possibilities are
nearly endless unless the VoIP network has had a lot of serious thought
and effort into how it has been built and secured.

Ian Hayes | Senior Systems Engineer
Wynn Las Vegas
3131 South Las Vegas Blvd, Las Vegas, NV 89109
Ph (702) 770-3252 | Cell (702) 266-6002
Ian.hayes@wynnlasvegas.com
 
> -----Original Message-----
> From: Alvin [mailto:alvind12@ftml.net]
> Sent: Wednesday, September 21, 2005 9:16 PM
> To: pen-test@securityfocus.com
> Subject: VOIP Security
>
> List,
>
> What can be the security implication if I bypassed firewall for VOIP
> traffic and directly route it from router to PABX.
>
> Assuming - This VOIP traffic is coming from trusted partner's network
> but I dont have any control on thier nework at this point of time.
>
> Comments and Suggestions willl be appreciated !!!
>
> Regards
> Al
> --
> Alvin
> alvind12@ftml.net

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Laurent Constantin: "Re: Topology discover"
• Previous message: philippe.nospam.oechslin@objectif-securite.nospam.ch: "Re: Passwords with Lan Manager (LM) under Windows"
• Maybe in reply to: Alvin: "VOIP Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:59 EDT