[VOIPSEC] Voipsec Digest, Vol 12, Issue 2
Berkman, Scott
Scott.Berkman at Reignmaker.net
Fri Dec 2 07:35:45 CST 2005
I'm not so certain about how an RTP-carried virus or vulnerability would
work. RTP carries the media from endpoint to endpoint, and should be
defined as a specific codec. That data is not executed as code, but
translated into voice based on the DSP for that codec. I'm sure what
happens on a malformed RTP packet (or stream) differs vendor to vendor
and even across firmware revisions, but I do not see that situation
providing access to the phone. More likely if the stream seems to be
malformed, the phone might drop the call as a form of built-in security.
I know that a few different SBCs drop streams that they cannot associate
with a session, so phones might behave much the same.

Does anyone from a vendor know more (without giving proprietary
detail) about how IP Phones generally sanity check RTP packets and
streams?

Along the same lines I'd think it to be quite tough to hide
anything malicious in a SIP header, due to size constraints and the
text-based protocol formatting.

Just my thoughts, let me know if I'm wrong somewhere or if you
agree.
-Scott
------------------------------------------------------------------------
Scott Berkman CCNP
Network Engineer
scott.berkman at reignmaker.net
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Voipsec-request at voipsa.org
Sent: Friday, December 02, 2005 7:00 AM
To: Voipsec at voipsa.org
Subject: Voipsec Digest, Vol 12, Issue 2
Today's Topics:
1. Re: RTP-borne virus examples? (THABARET Frederic ROSI/DAS)
----------------------------------------------------------------------
Message: 1
Date: Thu, 1 Dec 2005 17:26:08 +0100
From: "THABARET Frederic ROSI/DAS"
<frederic.thabaret at francetelecom.com>
Subject: Re: [VOIPSEC] RTP-borne virus examples?
To: "John Todd" <jtodd at loligo.com>, <Voipsec at voipsa.org>
Message-ID:
<771883A91914B344B41CD5986DBADC896CFB93 at PUEXCBM0.nanterre.francetelecom.
fr>
Content-Type: text/plain; charset="Windows-1252"
Codenomicon sells an RTP test tool:
http://www.codenomicon.com/products/telecommunications/rtp/
I understand that if this product is useful they might have found
vulnerable RTP implementations. Vulnerable implementations could then be
the origin of attacks.
If someone has heard of an RTP vulnerability I would also be very
interested to discover it.
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of John Todd
Sent: Monday, 28 November 2005 06:26
To: Voipsec at voipsa.org
Subject: [VOIPSEC] RTP-borne virus examples?
Has anyone seen any "wild" virii transmitted via RTP? I have heard of
the theoretical transmission of such viruses and heard rumors about
them, but have yet to see one for myself. I would be interested in
any references or documentation of such items, and what (if anything) is
being done on any edge devices to counter the threat.
Apologies if I'm far behind the times on this type of thing and there is
an obvious list that Google simply did not show; I don't often keep
track of client-side virus issues.
JT
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
End of Voipsec Digest, Vol 12, Issue 2
**************************************
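As an illustration of the kind of RTP sanity checking asked about in Scott Berkman's message (associate the stream with a session first, then check that the header is self-consistent), here is an added example; it is not code from the thread or from any vendor. It checks the RFC 3550 fixed header, and the `Session` record, its fields and the sample addresses are assumptions made for the example.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    """Hypothetical per-call state learned from signalling (SDP)."""
    payload_type: int   # negotiated RTP payload type, e.g. 0 = PCMU
    max_payload: int    # largest payload the codec/ptime can produce

def check_rtp(datagram: bytes, src: tuple, sessions: dict) -> str:
    """Return 'accept' or 'drop: <reason>' for one received UDP datagram."""
    sess = sessions.get(src)
    if sess is None:                      # stream not tied to any call
        return "drop: no session for source"
    if len(datagram) < 12:
        return "drop: shorter than fixed header"
    b0, b1 = datagram[0], datagram[1]
    if b0 >> 6 != 2:                      # RTP version must be 2
        return "drop: bad version"
    padding, extension, cc = b0 & 0x20, b0 & 0x10, b0 & 0x0F
    offset = 12 + 4 * cc                  # fixed header plus CSRC list
    if extension:
        if len(datagram) < offset + 4:
            return "drop: truncated extension header"
        (ext_words,) = struct.unpack("!H", datagram[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words       # length field counts 32-bit words
    if offset > len(datagram):
        return "drop: header longer than packet"
    end = len(datagram)
    if padding:                           # last octet holds the pad count
        pad = datagram[-1]
        if pad == 0 or pad > end - offset:
            return "drop: bad padding count"
        end -= pad
    if (b1 & 0x7F) != sess.payload_type:
        return "drop: unexpected payload type"
    if end - offset > sess.max_payload:
        return "drop: payload larger than codec allows"
    return "accept"

# Constructed sample data: one negotiated G.711 call (160-byte frames).
PEER = ("192.0.2.10", 40000)
SESSIONS = {PEER: Session(payload_type=0, max_payload=160)}

def make(b0=0x80, pt=0, payload=b"\xff" * 160):
    """Build a constructed RTP datagram with the given first octet and PT."""
    return struct.pack("!BBHII", b0, pt, 1, 160, 0x1234ABCD) + payload
```

Every length field is checked against the datagram size before it is used as an offset, so a malformed packet is dropped rather than read past its end.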