What we can do with SIP?

["Taras P. Ivashchenko" <naplanetu () gmail com>]

Hello, list!

Now VoIP is very popular. And often we finds sip open ports (5060/udp).
But what we can do with it (in pentest context). I made small research
([0], [1], [2], [3]) and consider that the main things are:

- in internal pentest some voip sniffing
- in external may be some information disclosing and unauthorized calls
through some SIP Proxy.
  
What do you think about using SIP attack vectors in pentests?

[0] http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
[1] http://code.google.com/p/sipvicious/
[2] http://sipvicious.org/webcasts/sipvicious-0.2-intro/web.html
[3] www.blackhat.com/presentations/bh-usa-06/BH-US-06-Endler.pdf
-- 
Тарас Иващенко (Taras Ivashchenko), OSCP
www.securityaudit.ru
----
"Software is like sex: it's better when it's free." - Linus Torvalds

Attachment: signature.asc
Description: This is a digitally signed message part