Penetration Testing mailing list archives
What we can do with SIP?
From: "Taras P. Ivashchenko" <naplanetu () gmail com>
Date: Tue, 27 Jan 2009 23:48:07 +0300
Hello, list! Now VoIP is very popular. And often we finds sip open ports (5060/udp). But what we can do with it (in pentest context). I made small research ([0], [1], [2], [3]) and consider that the main things are: - in internal pentest some voip sniffing - in external may be some information disclosing and unauthorized calls through some SIP Proxy. What do you think about using SIP attack vectors in pentests? [0] http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html [1] http://code.google.com/p/sipvicious/ [2] http://sipvicious.org/webcasts/sipvicious-0.2-intro/web.html [3] www.blackhat.com/presentations/bh-usa-06/BH-US-06-Endler.pdf -- Тарас Иващенко (Taras Ivashchenko), OSCP www.securityaudit.ru ---- "Software is like sex: it's better when it's free." - Linus Torvalds
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- What we can do with SIP? Taras P. Ivashchenko (Jan 27)