Penetration Testing mailing list archives

Re: Auditing asterisk servers?

From: publists () enablesecurity com
Date: 10 Feb 2009 19:41:03 -0000

My answer would be "a bit of both". An Asterisk box is yet another network server that is vulnerable to typical network 
attacks (DoS, vulnerable web config etc). However there are concerns that are more VoIP specific, such as toll fraud 
and phone tapping concerns.

Resources:

There are special tools for VoIP. Voipsa has a good list [1], and check out SIPVicious [2] as well! 

If you have a copy of CANVAS then VOIPPACK [3] (for which I am an author) is a great option. I just added 2 new tools 
that target Asterisk boxes [4] ;-)

[1] http://www.voipsa.org/Resources/tools.php
[2] http://sipvicious.org/
[3] http://www.vimeo.com/2524735
[4] http://www.vimeo.com/3162761

Cheers

Sandro Gauci

Current thread:

Auditing asterisk servers? Camilo Olea (Feb 10)
- Re: Auditing asterisk servers? Adriel T. Desautels (Feb 10)
- <Possible follow-ups>
- Re: Auditing asterisk servers? publists (Feb 11)
  - Re: Auditing asterisk servers? J. Oquendo (Feb 11)