Security Basics mailing list archives
RE: VoIP security
From: "Anil Saini" <ansaini567 () hotmail com>
Date: Sun, 24 Apr 2005 01:02:53 -0700
check with juniper netscreen security gateways. They do support ipsec tunneling for VoIP.
Anil
From: "Drumm, Daniel" <dgdrumm () bf umich edu>To: "Joshua Berry" <jberry () PENSON COM>,"Seth Art" <sethart () gmail com>, <security-basics () securityfocus com>Subject: RE: VoIP security Date: Thu, 21 Apr 2005 12:53:39 -0400 I would suggest joining the VoIP security list and learn about what's happening with Secure RTP and other initiatives. Cisco phones can make use of certificates, there is IPSEC encapsulation at route edges by providers, there is MPLS Security, a whole gamut of things going on. http://voipsa.org/mailman/listinfo/voipsec_voipsa.org Vomit can decode calls from a Cisco phone, provided the encapsulation is G.711. It doesn't handle other codecs, or at least it didn't a few months ago. The answer to most these types of issues is SRTP, although there are other initiatives going on as well. -----Original Message----- From: Joshua Berry [mailto:jberry () PENSON COM] Sent: Thursday, April 21, 2005 9:35 AM To: Seth Art; security-basics () securityfocus com Subject: RE: VoIP security There are programs out there capable of replaying VoIP sessions: Vomit: http://vomit.xtdnet.nl/ The vomit utility converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players. Vomit requires a tcpdump output file. Vomit is not a VoIP sniffer also it could be but the naming is probably related to H.323. I haven't found any others but it is definitely possible. VoIP travels over IP and therefore can be encrypted through IPSec tunnels or other means but I doubt most ISP's are doing that right now. -----Original Message----- From: Seth Art [mailto:sethart () gmail com] Sent: Wednesday, April 20, 2005 8:52 AM To: security-basics () securityfocus com Subject: VoIP security My coworker had an interesting question. She had to validate her credit card number over the phone using her social and other sensitive information. She has a VoIP router from her ISP. The question: Are the VoIP packets encrypted as they go across the wire? Or can someone sniffing in the right place capture all of that sensitive VoIP traffic and reassemble her CC# and SS# from the tones? Is this somethign that might be an issue in the future or is there already an answer out there? -Seth
Current thread:
- VoIP security Seth Art (Apr 20)
- Re: VoIP security Champ Clark [Vistech] (Apr 21)
- RE: VoIP security David (Apr 21)
- Re: VoIP security Pbt (Apr 21)
- <Possible follow-ups>
- RE: VoIP security Joshua Berry (Apr 21)
- Re: VoIP security Mihai Amarandei (Apr 22)
- RE: VoIP security Drumm, Daniel (Apr 22)
- RE: VoIP security Anil Saini (Apr 25)
- Re: VoIP security Champ Clark [Vistech] (Apr 25)