Penetration Testing mailing list archives
Re: VoIP Hopper: New test tool
From: jpecou () gmail com
Date: 12 Sep 2007 18:54:59 -0000
OMG this is music to my ears... For the last month I have been testing the Voice VLAN Vulnerability W/CDP in a lab at my job. I figured if you currently have a data vlan configured with Mac Sticky and 802.1x Authentication you might be setting your self back by adopting a voice VLAN that only requires a phone to send a CDP packet to basically "Authenticate or place it on the Voice side" I have been using Yersinia and CDP to spoof CDP packets of what would resemble a Cisco Phone. I noticed that the switch is seeing this traffic and placing me onto the voice VLAN instead of the data side but I could not for the life of me figure out how to communicate with the DHCP server and/or any other service for that matter. I am definately going to check this tool out to see I can finally close this chapter. Thanks! ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- VoIP Hopper: New test tool Jason Ostrom (Sep 10)
- <Possible follow-ups>
- Re: VoIP Hopper: New test tool jpecou (Sep 12)