Penetration Testing mailing list archives

Re: Voice over IP

From: Andreas Östling <andreaso () it su se>
Date: Fri, 15 Jun 2001 09:29:15 +0200

On Thursday 14 June 2001 17:47,  Young, Brandon wrote:
...

A couple of colleagues and I are working on a security audit for a
VOIP system. Anyone know of any exploits and vulnerabilities that may
exist with Cisco's call manager?

...

You may want to check out a tool by Niels Provos called "vomit" - voice over 
misconfigured internet telephones.
It's available from http://www.monkey.org/~provos/vomit/

"The vomit utility converts a Cisco IP phone conversation into a wave file 
that can be played with ordinary sound players. The phone conversation can 
either be played directly from the network or from a tcpdump output file. 
Vomit is also capable of inserting wavefiles into ongoing telephone 
conversations. Vomit can be used as a network debugging tool, a speaker 
phone, etc ..."

Have not tried it myself, yet.

Regards,
Andreas Östling

Current thread:

Voice over IP Young, Brandon (Jun 14)
- RE: Voice over IP Ofir Arkin (Jun 14)
  - Re: Voice over IP Dug Song (Jun 15)
    - Re: Voice over IP mht (Jun 19)
- Re: Voice over IP Ryan Russell (Jun 14)
  - Re: Voice over IP Desmond Irvine (Jun 15)
- Re: Voice over IP Andreas Östling (Jun 15)
- <Possible follow-ups>
- RE: Voice over IP John Bumgarner (Jun 15)