RE: A different kind of security problem?

["Alan Greig" <Alan.Greig () Ogilvie co uk>]

Hello Keenan,

When you say the network that supports your VOIP traffic do you have a
VOIP solution that has  a number of IP Endpoints and a main VOIP server
/ switch that offers connection to the traditional telephone network or
are all of your endpoints hooked into some form of pay on use VOIP
network? If its the latter have you mentioned the music to the provider?
If it's the former what level of logging is available on the main VOIP
switch in that can you ascertain which endpoints were involved in the
calls? 

Alan




-----Original Message-----
From: Smith, Keenan C. [mailto:Keenan.Smith () jhuapl edu] 
Sent: 18 July 2005 18:52
To: security-basics () securityfocus com
Subject: A different kind of security problem?

All,

Okay, this is one that requires squinting your eyes a bit and turning
your head to really be a security issue but if you stick with me, I
think you'll see where I'm going with this one.

A recently installed VOIP system in my company works well most of the
time.  However in a few cases, we've heard music on the line that was
not being generated by either end.

In one case, one of our VOIP phones was being used to access a bridge
for a conference call.  There were 15 or 20 folks on the call and at one
point during the call loud rock music begin playing.  The phone was hung
up since voices could not be heard over the music.  We found out later
that not only had everyone else on the call hear the music but it ended
when we disconnected from the call.

In another case, one of our VOIP phones was being used to call a
residential number.  Again, towards the end of the call music begin
playing.  However, this time it was soft jazz.

In both cases the music was not being generated by any of the
participants and none were on hold so hold music was not the culprit.

My thought is that we're experiencing a bleed through or cross-talk from
other traffic on the same network hosting the VOIP traffic.  

If that is indeed the case, my question to the group at large is this:
does that indicate a possible vulnerability of some sort in the
protocols that support VOIP?  Is this something that could be exploited
to eavesdrop or even route a call to an unknown destination?

I Googled for this but didn't find much about it.

Thoughts?

Keenan Smith





CONFIDENTIALITY NOTICE: This email and any attachments may be confidential. They may contain privileged information and 
are intended for the named addressee only. They must not be distributed without our consent. If you are not the 
intended recipient, please notify us immediately and delete the message and any attachments from your computer, do not 
disclose, distribute, or retain this email or any part of it.

DISCLAIMER: Internet communications are not secure and therefore Ogilvie Group Ltd does not accept legal responsibility 
for the contents of this message.  Unless expressly stated, opinions in this email are those of the individual sender 
and not of Ogilvie Group Ltd.   Ogilvie Group Ltd checks outgoing e-mails with anti-virus software that is regularly 
updated however this does not guarantee that any files attached to this e-mail are virus free. You must therefore take 
full responsibility for virus checking. Ogilvie Group Ltd reserves the right to monitor all email communications 
through their networks.