Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: VoIP Call manager configuration Review

From: Dave Howe <David.Howe () ansgroup co uk>
Date: Wed, 06 Feb 2008 23:39:38 +0000
sisram2 () gmail com wrote:

Hi Folks,



I am doing the Cisco call manager configuration review for the first
time.



Can some provide me with the lead, as to what all I need to check ?
From what I can recall, normally the CCM (hard) nodes are vlanned off from the live network and often locked by MAC - software VoIP phones obviously being the exception. I don't have a standard test doc for it though.
There are skinny and sip sniffers that might be worth trying. Getting to where you can see the traffic (given the aformentioned MAC locks) can be problematic though. 

  See http://www.voipsa.org/Resources/tools.php for some useful stuff.


Further, is there a way to download the configuration file from the
call manager so that i can review it locally on my PC ?
Sure. you can use the backup facility on the web interface to back up the entire config (along with the contents of the tftp) to any sftp server. If you check with the server admins, they may be doing this anyhow for DR purposes. 

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: