Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: VoIP Hopper: New test tool

From: jpecou () gmail com
Date: 12 Sep 2007 18:54:59 -0000
OMG this is music to my ears... For the last month I have been testing the Voice VLAN Vulnerability W/CDP in a lab at 
my job. I figured if you currently have a data vlan configured with Mac Sticky and 802.1x Authentication you might be 
setting your self back by adopting a voice VLAN that only requires a phone to send a CDP packet to basically 
"Authenticate or place it on the Voice side"  I have been using Yersinia and CDP to spoof CDP packets of what would 
resemble a Cisco Phone. I noticed that the switch is seeing this traffic and placing me onto the voice VLAN instead of 
the data side but I could not for the life of me figure out how to communicate with the DHCP server and/or any other 
service for that matter. I am definately going to check this tool out to see I can finally close this chapter. Thanks!

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: