Penetration Testing mailing list archives

Re: VoIP pentest ?


From: "Volker Tanger" <volker.tanger () detewe de>
Date: Thu, 28 Oct 2004 17:32:20 +0200

Greetings!

On Wed, 27 Oct 2004 11:28:51 +0200 Frederic Charpentier
<fcharpen () xmcopartners com> wrote:
> Does anyone have experiences or papers on VoIP pentest/assessment?
> Expecting classic OS/Network audits and H323/ASN.1 flaws, I can't find
> any documentation or papers about flaws in VoIP architecture.

VoIP (SIP and H.323) do media transfer via (unencrypted) RTP/RTCP.
SIP is a simple, unauthenticated cleartext protocol. H.323 is similar
(binary and more complex, but still unauthenticated).

With ARP spoofing etc. it is simple to listen to voice streams or call
setup - or change it. So re-routing voice streams or calls should be
simple.

Quite a high percentage of systems were/are susceptible to buffer
overflows, it seems (forgot the URL - about half a year ago).

For other fun with SIP see e.g.
http://www.infoanarchy.org/story/2004/9/15/23127/3363

Bye

Volker Tanger
ITK Security
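
An added example, not part of the original post: a small Python check an assessor could run over captured signalling to confirm the conditions described above (cleartext SIP transport, no credentials on the request, plain RTP media). The sample INVITE is constructed, and the function name and finding labels are hypothetical; TLS in the Via header and the RTP/SAVP (SRTP) profile are treated as the protected counterparts.

```python
import re

# Constructed sample: a SIP INVITE as it would appear on the wire (not a real capture).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.test SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.test>;tag=1928301774\r\n"
    "To: <sip:bob@example.test>\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

def audit_sip_message(raw):
    """Return a sorted list of findings for one SIP request with an SDP body."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = set()
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    # Via names the transport: SIP/2.0/UDP or /TCP is cleartext, /TLS is not.
    for via in headers.get("via", []):
        m = re.match(r"SIP/2\.0/(\w+)", via)
        if m and m.group(1).upper() != "TLS":
            findings.add("signalling-cleartext:" + m.group(1).upper())
    # No Authorization/Proxy-Authorization header: the request carries no digest credentials.
    if "authorization" not in headers and "proxy-authorization" not in headers:
        findings.add("request-unauthenticated")
    # SDP m= line names the media profile: RTP/AVP is plain RTP, RTP/SAVP is SRTP.
    for line in body.split("\r\n"):
        if line.startswith("m="):
            media, port, proto = line[2:].split()[:3]
            if proto.upper() in ("RTP/AVP", "RTP/AVPF"):
                findings.add(f"media-unencrypted:{media}:{port}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_sip_message(SAMPLE_INVITE):
        print(finding)
```

A first request without credentials is normal in SIP; it counts as a finding only when the server accepts it without issuing a 401/407 challenge.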

