Voice over IP

["Young, Brandon" <byoung () Calence com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

A couple of colleagues and I are working on a security audit for a
VOIP system. Anyone know of any exploits and vulnerabilities that may
exist with Cisco's call manager? One thing we have found is that the
traffic can be sniffed during phone calls. TCP is used for the
initial connection setup and then once the phone has setup a session
to the call manager it then uses the RTP protocol. We found that the
conversation is placed in the PCMU audio codec. We are looking to
find a way to extract the payloads and reassemble the audio so that
we can play back the phone conversations.  We are also looking at 
launching a man in the middle attack and getting access to the
conversation and trying and listen to it in real time instead of
capturing and replaying. Any ideas on some possible ways to execute
this? 

Thanks in advance,

//CALENCE
Brandon Young
Consultant - Consulting Services
480.889.9736
byoung () calence com
www.calence.com




-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOyjc1HTH1Q5UAycjEQLCfgCfaesfZXb/E35EaTqE9sZdcPCZlGsAoJxf
wh1QNRb61/lEJMHS5LhUDMS6
=atyJ
-----END PGP SIGNATURE-----

Attachment: PGPexch.rtf.asc
Description: