Penetration Testing mailing list archives
Re: Auditing asterisk servers?
From: publists () enablesecurity com
Date: 10 Feb 2009 19:41:03 -0000
My answer would be "a bit of both". An Asterisk box is yet another network server that is vulnerable to typical network attacks (DoS, vulnerable web config etc). However there are concerns that are more VoIP specific, such as toll fraud and phone tapping concerns. Resources: There are special tools for VoIP. Voipsa has a good list [1], and check out SIPVicious [2] as well! If you have a copy of CANVAS then VOIPPACK [3] (for which I am an author) is a great option. I just added 2 new tools that target Asterisk boxes [4] ;-) [1] http://www.voipsa.org/Resources/tools.php [2] http://sipvicious.org/ [3] http://www.vimeo.com/2524735 [4] http://www.vimeo.com/3162761 Cheers Sandro Gauci
Current thread:
- Auditing asterisk servers? Camilo Olea (Feb 10)
- Re: Auditing asterisk servers? Adriel T. Desautels (Feb 10)
- <Possible follow-ups>
- Re: Auditing asterisk servers? publists (Feb 11)
- Re: Auditing asterisk servers? J. Oquendo (Feb 11)