Penetration Testing mailing list archives
Re: Conducting Risk Assessment for VOIP and Thin Client
From: "Jezebel Ali" <jezebel_ali () hush com>
Date: Fri, 23 Jun 2006 18:14:06 +0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Good day esteemed brother Chris Hammer, You may look at assessment in many way. One: Capture voice traffic from network and listen in on conversation. Two: Compromise VoIP servers. Three: Bad configure telephones. On capture voice traffic, usually there are one network reserved for voice traffic. Sometime one large organization may have one network per floor or switch. It may be possible to hop onto VLAN by using 802.1q tagging. Try first and sniff for VLAN traffic on network using Ethereal. Usually, also VoIP phones can request IP address via DHCP. If this is case, then after you have hopped onto VLAN, use DHCP. You will have to use intrusive technique of ARP poison in order to capture voice traffic after. I have used tool: Voipong (http://www.enderunix.org/voipong/) It may difficult for VLAN hop on MS Window environment, but perhaps your latest NIC driver has capability. Of course, if you able, then utilize Cain (http://www.oxid.it/cain.html) Perhaps utilize Ettercap for ARP spoofing also. On compromise server, it is simply case of perform VA and gain access. If you have time, it may be possible to see how server handle bad packet VoIP signaling protocols. Perhaps then you may be able to crash or exploit server soft. Also think DHCP starving of server then issue own DHCP address. On compromise bad phone, check phone device itself. It may possible that phone bad configured. Check for listen-into conversation capability. Sometime supervisor has this ability. It are many ways of playing with VoIP. Enjoy. Sorry my bad english. Kind regards, Jez On Wed, 21 Jun 2006 18:40:04 +0400 Chris Hammer <CHammer () fcbnm com> wrote:
Good morning, I have been tasked with conducting a Risk Assessment / Vulnerability Assessment on a VOIP and Thin Client environment. Does anyone have a good template to start with, as well as ideas as to where to start? I am familiar with both of these technologies and understand how they work but I by no means an expert on them. Any help would be appreciated! Cheers! Chris The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any ------------------------------------------------------------------- ----------- This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------- -----------
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.5 wpwEAQECAAYFAkSb9y4ACgkQC68hZJzwc9h3iwP+PjVYUUeiDdnNG5e9GJp/ohYwqiBc eMwLiHH+do2BtZlW7z/yh4O036/4BA8OW98eJq5mdsaCGl7Srj/+AmASJZ3nF4EGPFVU YMIFFAPZLR3JqZft6eMoL8D31s4T1B6ujL8dYdC/Kz8sJOGNo3Bb6kJcHB48hBD5F1K0 n5PccRM= =YChN -----END PGP SIGNATURE----- Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- Conducting Risk Assessment for VOIP and Thin Client Chris Hammer (Jun 21)
- Re: Conducting Risk Assessment for VOIP and Thin Client Paul Robertson (Jun 21)
- Re: Conducting Risk Assessment for VOIP and Thin Client Ivan Arce (Jun 21)
- RE: Conducting Risk Assessment for VOIP and Thin Client Tonie Deen (Jun 21)
- Re: Conducting Risk Assessment for VOIP and Thin Client Rodrigo Blanco (Jun 25)
- <Possible follow-ups>
- Re: Conducting Risk Assessment for VOIP and Thin Client Jezebel Ali (Jun 23)
- Re: Conducting Risk Assessment for VOIP and Thin Client Paul Robertson (Jun 21)