Penetration Testing mailing list archives
Re: VoIP pentest ?
From: "Volker Tanger" <volker.tanger () detewe de>
Date: Thu, 28 Oct 2004 17:32:20 +0200
Greetings!

On Wed, 27 Oct 2004 11:28:51 +0200 Frederic Charpentier <fcharpen () xmcopartners com> wrote:
Does anyone have experience or papers on VoIP pentest/assessment? Expecting classic OS/Network audits and H323/ASN.1 flaws, I can't find any documentation or papers about flaws in VoIP architecture.
VoIP (SIP and H.323) do media transfer via (unencrypted) RTP/RTCP. SIP is a simple, unauthenticated cleartext protocol. H.323 similar (binary and more complex, but still unauthenticated).

With ARPspoofing etc. it is simple to listen to voice streams or call setup - or change it. So re-routing voice streams or calls should be simple.

Quite a high percentage of systems were/are susceptible to buffer overflows it seems (forgot the URL - about half a year ago).

For other fun with SIP see e.g. http://www.infoanarchy.org/story/2004/9/15/23127/3363

Bye

Volker Tanger
ITK Security
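An added example, not part of the original post: a defensive check an assessor could run over captured SIP signaling to report the three exposures the message names (cleartext signaling transport, requests carrying no credentials, media offered as plain RTP). The sample INVITE, its hosts and addresses are constructed; treating an SDP `RTP/SAVP` profile as the encrypted (SRTP) alternative is this example's assumption.

```python
import re

# Constructed sample INVITE (hosts, tags and ports are made up for this example).
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.test SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds",
    "From: <sip:alice@example.test>;tag=1928301774",
    "To: <sip:bob@example.test>",
    "Call-ID: a84b4c76e66710@192.0.2.10",
    "CSeq: 314159 INVITE",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "a=rtpmap:0 PCMU/8000",
    "",
])

ENCRYPTED_TRANSPORTS = {"TLS", "WSS", "TLS-SCTP"}
PLAIN_MEDIA_PROFILES = {"RTP/AVP", "RTP/AVPF"}  # SRTP would be RTP/SAVP or RTP/SAVPF

def audit_sip(message):
    """Return a list of findings for one SIP message with an SDP body."""
    head, _, body = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = [l.split(":", 1) for l in lines[1:] if ":" in l]
    names = {name.strip().lower() for name, _ in headers}
    findings = []
    # 1. Signaling transport: every Via hop states the transport it used.
    for name, value in headers:
        if name.strip().lower() in ("via", "v"):
            m = re.match(r"\s*SIP/2\.0/([\w-]+)", value)
            if m and m.group(1).upper() not in ENCRYPTED_TRANSPORTS:
                findings.append(f"signaling-cleartext: Via transport {m.group(1).upper()}")
    # 2. Requests without credentials (expected on a first request that the
    #    server then challenges; flagged so the reviewer can confirm it does).
    is_request = not lines[0].startswith("SIP/2.0")
    if is_request and not names & {"authorization", "proxy-authorization"}:
        findings.append("request-no-credentials: no Authorization header present")
    # 3. Media profile offered in each SDP m= line.
    for line in body.split("\r\n"):
        m = re.match(r"m=(\w+) (\d+)(?:/\d+)? (\S+)", line)
        if m and m.group(3) in PLAIN_MEDIA_PROFILES:
            findings.append(f"media-unencrypted: {m.group(1)} port {m.group(2)} offered as {m.group(3)}")
    return findings
```
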