Penetration Testing mailing list archives
RE: VOIP Security
From: "Hayes, Ian" <Ian.Hayes () wynnlasvegas com>
Date: Fri, 23 Sep 2005 08:12:29 -0700
There is the possibility that you can attack the company's switch, possibly getting into it and reconfigure lines or phone features. Depending on how the phone system is set up, there are possibilities for other mischief - some setups let you use the phone as a hub for computer network connectivity. With a little effort you may be able to spoof a target VoIP phone, or possibly the boot/tftp server and serve your own config and code to any phones that are booting up. The possibilities are nearly endless unless the VoIP network has had a lot of serious thought and effort into how it has been built and secured. Ian Hayes | Senior Systems Engineer Wynn Las Vegas 3131 South Las Vegas Blvd, Las Vegas, NV 89109 Ph (702) 770-3252 | Cell (702) 266-6002 Ian.hayes () wynnlasvegas com
-----Original Message----- From: Alvin [mailto:alvind12 () ftml net] Sent: Wednesday, September 21, 2005 9:16 PM To: pen-test () securityfocus com Subject: VOIP Security List, What can be the security implication if I bypassed firewall for VOIP traffic and directly route it from router to PABX. Assuming - This VOIP traffic is coming from trusted partner's network but I dont have any control on thier nework at this point of time. Comments and Suggestions willl be appreciated !!! Regards Al -- Alvin alvind12 () ftml net
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- VOIP Security Alvin (Sep 22)
- <Possible follow-ups>
- Re: VOIP Security arif . jatmoko (Sep 23)
- RE: VOIP Security Hayes, Ian (Sep 23)