Penetration Testing mailing list archives
Re: Pen Testing a PBX (Northern Telecom Meridian-1)
From: Volker Tanger <vtlists () wyae de>
Date: Thu, 8 Sep 2005 09:39:44 +0200
Good morning (at least over here)!

On 7 Sep 2005 16:00:48 -0000 mmarrero () lloydstsb-usa com wrote:
I am about to start a pentest of a PBX system. I was wondering if there are any vulnerabilities against this make and model of PBX. Also, does anyone know of a paper on how to appropriately conduct a pentest. I do not want to miss anything.
Take care not to break things - users are quite impatient with broken telephony systems as the availability is experienced/expected with five-9's (99,999%) and above - at least here in Germany. That's completely different to computer systems from which people know and accept that it does not work then and again.

Do you have to pen-test a cable-mode Meridian, a VoIP-based one? Are there additional systems like Symphony or media gateway attached? The Meridian has different interfaces (and IPs) for administration, trunk/system connection, VoIP linkup etc. that behave quite differently even in a base system. A complete media gateway usually consists of multiple Windows and Solaris systems in addition to the Meridian base.

One thing I remember is that one IP interface (management or system interconnect) was over-sensitive to broadcasts, thus connecting it directly to an office network was a bad idea. I'm no longer sure whether it locked up only that module or more parts of the Meridian - or if that vulnerability still exists.

Btw.: the system documentation is (was? status 2004) quite incorrect in parts, especially if concerning IP stuff. Example: suggestion for a FW rule to access *from* PC *to* Meridian (or Gateway) is suggested:

    from PC (src: tcp/0-65535) to System (dst: 22)
    *and*
    from System (src: tcp/0-65535) to PC (dst: 22)

Again: according to docs this is for SSH access from PC to system alone. Rrrrright...

See the other thread "Pentesting Telephone Systems" for generic TK system pentesting hints.

It is highly recommended to have a Meridian expert in back office for questions and suggestions. Especially all the options that often still can be accessed from a standard (system) telephone are mind-boggling and way above a standard PBX system. And that is why there are abuses reported especially on mis- or under-configured/administrated Meridians.

Good luck!
Volker

--
Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists () wyae de    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB
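Added example, not part of the original message or of the vendor documentation: a small Python check that parses firewall rules written in the notation quoted in the message and flags a rule that opens the same service port back towards a host meant only to initiate connections. The function names and the `clients` parameter are hypothetical; the host labels and rule text are taken from the message.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    src: str
    proto: str
    sports: tuple   # (low, high) source port range
    dst: str
    dport: int

# Matches the notation used in the message, e.g.
# "from PC (src: tcp/0-65535) to System (dst: 22)"
RULE_RE = re.compile(
    r"from\s+(\w+)\s+\(src:\s*(tcp|udp)/(\d+)-(\d+)\)\s+to\s+(\w+)\s+\(dst:\s*(\d+)\)",
    re.IGNORECASE,
)

def parse_rules(text):
    """Turn rule text into Rule tuples; host names are lower-cased."""
    return [
        Rule(src.lower(), proto.lower(), (int(lo), int(hi)), dst.lower(), int(dport))
        for src, proto, lo, hi, dst, dport in RULE_RE.findall(text)
    ]

def reverse_openings(rules, clients):
    """Flag rules that let a server open the same service port on a client-only host.

    Reply packets of a PC->System SSH session carry source port 22 and an
    ephemeral destination port, so a rule with dst 22 towards the PC never
    matches them; it only permits new sessions in the opposite direction.
    """
    allowed = {(r.src, r.dst, r.proto, r.dport) for r in rules}
    return [
        r for r in rules
        if r.dst in clients and (r.dst, r.src, r.proto, r.dport) in allowed
    ]

# Constructed input: the two rules quoted in the message above.
DOCS_RULES = """
from PC (src: tcp/0-65535) to System (dst: 22)
from System (src: tcp/0-65535) to PC (dst: 22)
"""

if __name__ == "__main__":
    for rule in reverse_openings(parse_rules(DOCS_RULES), clients={"pc"}):
        print(f"unneeded reverse opening: {rule.src} -> {rule.dst} {rule.proto}/{rule.dport}")
```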