Penetration Testing mailing list archives
Re: pentesting voip network-please help
From: Yiannis Koukouras <ikoukouras () gmail com>
Date: Sat, 6 Feb 2010 09:47:45 +0200
Unfortunately not. Cain is basic in this category. It's true, if you want it to be done seriously....Backtrack is the answer... Ioannis (Yiannis) Koukouras CISSP, CISA, CISM MSc in Computer Systems Security BEng in Electronic Engineering http://www.linkedin.com/in/ikoukouras --- The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify the sender immediately by responding to this email and then delete it from your system.
On Fri, Feb 5, 2010 at 8:05 PM, Todd Haverkos <infosec () haverkos com> wrote:Yiannis Koukouras <ikoukouras () gmail com> writes:Cain & Abel has also a very good VOIP sniffing feature. :)Does it work in Cisco environments though? I honestly don't know. Absent a way to get onto the VOIP vlan , it's nice features would be sadly useless. In most Cisco deployments, the phones themselves and all the call traffic are on a dedicated VLAN. When I've done such assessments, I've used voiphopper under Linux to dot he CDP dissection to find the VLAN and create the virtual interfaces and grab DHCP and the like. I also recall having to spoof the MAC of my box to impersonate the Cisco phone I unplugged to find a jack, as port security was in play along witha few other switch features trying to spoil the fun which if you made a wrong move, the port was entirely shut down and had to be reset by an administrator. At any rate, I'm curious what tools if any are available under Windows to do deal with VLAN's, finding the VOIP vlan, and dealing with trunk connection? If Cain handles all that, it'd be nice to know. Windows still makes me nervous for such things as it is AWFULLY chatty on the wire (and I've never had the need yet to figure out how many services to disable to quiet it down to an innocuous level). I'd be interested in any tricks from other list members on this front too. Best Regards, -- Todd Haverkos, LPT MsCompE http://haverkos.com/
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- pentesting voip network-please help mzcohen2682 (Feb 02)
- RE: pentesting voip network-please help 김무성 (Feb 03)
- RE: pentesting voip network-please help McGhee, Eddie (Feb 03)
- Re: pentesting voip network-please help Yiannis Koukouras (Feb 05)
- Re: pentesting voip network-please help Todd Haverkos (Feb 07)
- Message not available
- Re: pentesting voip network-please help Yiannis Koukouras (Feb 07)
- Re: pentesting voip network-please help Nick (Feb 09)
- Re: pentesting voip network-please help Yiannis Koukouras (Feb 05)