Security Basics mailing list archives
RE: VoIP security
From: "Joshua Berry" <jberry () PENSON COM>
Date: Thu, 21 Apr 2005 08:34:35 -0500
There are programs out there capable of replaying VoIP sessions: Vomit: http://vomit.xtdnet.nl/ The vomit utility converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players. Vomit requires a tcpdump output file. Vomit is not a VoIP sniffer also it could be but the naming is probably related to H.323. I haven't found any others but it is definitely possible. VoIP travels over IP and therefore can be encrypted through IPSec tunnels or other means but I doubt most ISP's are doing that right now. -----Original Message----- From: Seth Art [mailto:sethart () gmail com] Sent: Wednesday, April 20, 2005 8:52 AM To: security-basics () securityfocus com Subject: VoIP security My coworker had an interesting question. She had to validate her credit card number over the phone using her social and other sensitive information. She has a VoIP router from her ISP. The question: Are the VoIP packets encrypted as they go across the wire? Or can someone sniffing in the right place capture all of that sensitive VoIP traffic and reassemble her CC# and SS# from the tones? Is this somethign that might be an issue in the future or is there already an answer out there? -Seth
Current thread:
- VoIP security Seth Art (Apr 20)
- Re: VoIP security Champ Clark [Vistech] (Apr 21)
- RE: VoIP security David (Apr 21)
- Re: VoIP security Pbt (Apr 21)
- <Possible follow-ups>
- RE: VoIP security Joshua Berry (Apr 21)
- Re: VoIP security Mihai Amarandei (Apr 22)
- RE: VoIP security Drumm, Daniel (Apr 22)
- RE: VoIP security Anil Saini (Apr 25)
- Re: VoIP security Champ Clark [Vistech] (Apr 25)