Penetration Testing mailing list archives
Re: Voice over IP
From: Dug Song <dugsong () monkey org>
Date: Thu, 14 Jun 2001 21:10:30 -0400
On Thu, Jun 14, 2001 Brandon Young wrote:
A couple of colleagues and I are working on a security audit for a VOIP system. Anyone know of any exploits and vulnerabilities that may exist with Cisco's call manager? One thing we have found is that the traffic can be sniffed during phone calls. TCP is used for the initial connection setup and then once the phone has setup a session to the call manager it then uses the RTP protocol. We found that the conversation is placed in the PCMU audio codec. We are looking to find a way to extract the payloads and reassemble the audio so that we can play back the phone conversations. We are also looking at launching a man in the middle attack and getting access to the conversation and trying and listen to it in real time instead of capturing and replaying. Any ideas on some possible ways to execute this?
soon to be integrated into the dsniff suite:
http://www.monkey.org/~provos/vomit/
decode and convert Cisco IP phone calls into .wav format for playback
(either realtime or from a tcpdump capture), and inject .wav data into
ongoing telephone conversations.
be sure to leave a tip for Niels. :-)
-d.
p.s. he really does leave me those kind of crazy messages...
---
http://www.monkey.org/~dugsong/
Current thread:
- Voice over IP Young, Brandon (Jun 14)
- RE: Voice over IP Ofir Arkin (Jun 14)
- Re: Voice over IP Dug Song (Jun 15)
- Re: Voice over IP mht (Jun 19)
- Re: Voice over IP Dug Song (Jun 15)
- Re: Voice over IP Ryan Russell (Jun 14)
- Re: Voice over IP Desmond Irvine (Jun 15)
- Re: Voice over IP Andreas Östling (Jun 15)
- <Possible follow-ups>
- RE: Voice over IP John Bumgarner (Jun 15)
- RE: Voice over IP Ofir Arkin (Jun 14)