Penetration Testing mailing list archives
Re: VoIP testing Help
From: "Ozgur Ozdemircili" <ozgur.ozdemircili () gmail com>
Date: Thu, 28 Jul 2005 17:46:51 +0300
Have you tried the program called VOIPONG?. It is was exactly developed for that. Check out http://www.enderunix.org/voipong/index.php?sect=screenshot&lang=en Cheers, Ozgur Ozdemircilli Enderunix ----- Original Message ----- From: "Mark Sec" <mark.sec () gmail com> To: "Mark Teicher" <mht3 () earthlink net> Cc: "Hazim" <hazim () scan-associates net>; "Clement Dupuis" <cdupuis () cccure org>; <security-basics () securityfocus com>; <pen-test () securityfocus com>; <Voipsec () voipsa org> Sent: Wednesday, July 27, 2005 8:57 AM Subject: Re: VoIP testing Help Good thanks for all ur answers, but has anyone the strings under tcpdump? only the string to capure the trafic VoIP with tcpdump, examples ? and how to converts the to wave file with vomit? cheers :-) /mark. On 22/07/05, Mark Teicher <mht3 () earthlink net> wrote:
Assembling an arsenal of VoIP Security Tools to assess various VoIP
platforms is quite cumbersome and much different from cobbling together a list of non-commercial network security tools and commercial network security tools. SiviUS is a nice tool but it is not quite complete, as it does not test for H.323 or SIP transformation validation and other such features.
Being able to have a product that is capable of producing threshold index
on various VoIP measurements including a security index on the specific vulnerabilities it checks for would be a great help in accessing a network infrastructure migrating to VoIP or reviewing a newly integrated VoIP solution.
Measurement Rating Index MOS 1.0 --> 200.00 1-->5 Delay Jitter Loss Results accumulated by x number of endpoints, and pertinent variables:
(RTP, Jitter, RTP, QOS, Frame Compression, Payload (GSM, G711, etc), Min calls, Max calls, cycle
Includes a packet capture and playback feature (mostly likely Ethereal
with statistical plug-ins)
Can be run from any platform (.tar.gz for U*nix and installshield for
Windows especially for those security consultants who are far from click here, crank there methodology.
Security Feature checking ability (oscheck for specific VoIP products,
using nmap will reveal the underlying operating system (sometimes attractive) but one is more interested in what the particular VoIP vendor implemented on top of the underlying operating system, or if certain libraries have been removed to avoid the "oops, can be compromised warning/red flagging" the hopped up on "RED BULL" or "CROSS YOUR HEART: security consultants tend to point out in the fancy long-winded report.
If a VoIP assessment report is more than 10 pages without a fair amount of
self-explanatory graphs, "do not pass GO, and start again"
-----Original Message----- From: Hazim <hazim () scan-associates net> Sent: Jul 21, 2005 10:34 PM To: Clement Dupuis <cdupuis () cccure org> Cc: 'Mark Sec' <mark.sec () gmail com>, security-basics () securityfocus com, pen-test () securityfocus com, Voipsec () voipsa org Subject: Re: VoIP testing Help Clement Dupuis wrote:Do take a look at Cain & Abel (www.oxid.it) they have a voip sniffer and
it
does work ver well with some implementation. On top of all that: it is FREE Have fun Clement Clément Dupuis, CD President/Security Evangelist/Chief Learning Officer (CLO) CCCure Enterprise Security & Training Inc. CISSP, GCFW, GCIA, Security+, CEH, CCSA, MBNS, MBIS, MBHS, CCSE, ACE Tel: 954 364 8410 (Florida) Tel: 514 907 1671 (Montreal) Tel: 418 907 0263 (Quebec) Fax: 636 773 6328 Maintainer of : The CISSP and SSCP Open Study Guides Web Site http://www.cccure.org The Professional Security Testers Warehouse http://www.professionalsecuritytesters.org-----Original Message----- From: Mark Sec [mailto:mark.sec () gmail com] Sent: Wednesday, July 20, 2005 6:58 PM To: security-basics () securityfocus com; pen-test () securityfocus com; Voipsec () voipsa org Subject: VoIP testing Help Alo Folks: Well now we have a audit over VoIP , we need whitepappers, tools , links... the big problem may be are the tools, for example we need "examples" or "PoC like sniffing over VoIP whith tools tcpdump and Ethereal, how to convert the traffic to .wav file , Which are the strings over my shell use tcpdump, opensource and comercial tools. thanks for all ur help :-) - MarkI think Cain & Abel will have a problem with g723 codec. I've tried sniff using Ethereal and it works well. Just that u need some additional tools such as JmStudio and rptplay.
Current thread:
- VoIP testing Help Mark Sec (Jul 20)
- Re: VoIP testing Help bytesman (Jul 21)
- Re: VoIP testing Help David Eduardo Acosta Rodríguez (Jul 21)
- RE: VoIP testing Help Clement Dupuis (Jul 21)
- Re: VoIP testing Help okrehel (Jul 21)
- Re: VoIP testing Help David Eduardo Acosta Rodríguez (Jul 21)
- RE: VoIP testing Help Clement Dupuis (Jul 21)
- <Possible follow-ups>
- Re: VoIP testing Help Hazim (Jul 21)
- Re: VoIP testing Help Mark Teicher (Jul 22)
- Re: VoIP testing Help Mark Teicher (Jul 22)
- Re: VoIP testing Help Mark Sec (Jul 27)
- Re: VoIP testing Help Ozgur Ozdemircili (Jul 28)
- Re: VoIP testing Help Mark Sec (Jul 27)
- Re: VoIP testing Help druid (Jul 22)
- Re: VoIP testing Help James Moorer (Jul 22)
- Re: VoIP testing Help Tobias Glemser (Jul 25)
- Re: VoIP testing Help Mark Teicher (Jul 25)
- VoIP testing Help Mark Teicher (Jul 28)
- Re: VoIP testing Help bytesman (Jul 21)