Penetration Testing mailing list archives
Re: Securing VOIP?
From: "Jon O ." <jono () microshaft org>
Date: Mon, 15 Oct 2001 16:35:07 -0700
You should probably also consider the risks of sniffing as this tools shows: http://vomit.xtdnet.nl/ The vomit utility converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players. The phone conversation can either be played directly from the network or from a tcpdump output file. Vomit is also capable of inserting wavefiles into ongoing telephone conversations. Vomit can be used as a network debugging tool, a speaker phone, etc ... http://vomit.xtdnet.nl/ On 15-Oct-2001, reberc () post ch wrote:
Hi I have to review our concept for implementing VOIP. I have to make sure, that all security issues are covered. If anybody could give me some help on this question: Our provider says, that we need no firewall for VOIP because our Voice Gateway receives only PRI requests/transfers. He says that it is possible to restrict the Voice Gateway for only PRI-Traffic and that it is impossible to bring data along with PRI. The PRI is always converted to voice. Now I have seen, that you can send Voice, Video and Data on PRI. Is it really necessary to have an Firewall between our CallManager and Voice Gateway or can I trust the provider and be sure, that nothing else (IP-Transfers) is coming over this line? Many thanks in advance! Claudia Reber IT-Security Officer Die Schweizerische Post Information Technology Services IT5 IT-Security Webergutstrasse 12 CH-3030 Bern (Zollikofen) Tel: ++41 (0)31 338 16 44 Handy: ++41 (0)79 211 01 48 Fax: ++41 (0)31 338 74 92e-Mail mailto:reberc () post ch visit our homepage: http://pww.post.ch/oe/IP/corp//index.htm (intern) http://www.post.ch (extern)There was a belief that it was going to be easy. They were wrong! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Securing VOIP? reberc (Oct 15)
- RE: Securing VOIP? Shawn Duffy (Oct 15)
- Re: Securing VOIP? Jon O . (Oct 15)