[VOIPSEC] VOIP for free??
Michael Shields
shieldszero at aol.com
Mon Apr 11 10:59:08 CDT 2005
Diana Cionoiu wrote:
> RTP is not trivial to be listen,
> and anyway who can listen you phone calls also can see your yahoo, icq,
> msn,irc messages, so i think first we should solve those things and then
> go after plain VoIP.
I am not sure why you say this. For over two years, Ethereal has been
able to decode RTP streams and save the audio into a file. This only
takes a few clicks, and with a little time you could automate it completely.
It is true that other more widely used protocols also have
vulnerabilities, including DNS, SMTP, and HTTP. However, work on VOIP
security does not block work on other protocols, so that is no reason to
put VOIP security work on hold. It is easier to fix problems now while
the protocols are still in relatively limited deployment.
--
Michael Shields
Systems Programmer
AOL Network Security
[not speaking for AOL]
More information about the Voipsec
mailing list