[VOIPSEC] VoIP and Fraud

Christopher A. Martin chris at sip1.com
Thu Feb 17 22:53:51 CST 2005 

You could only easily capture usable data if the carrier is not implementing
SIP Digest authentication which uses MD5 hash combined with a fresh random
number provided during authentication (although not all methods are
authenticated depending on the carrier).

________________________________

Christopher A. Martin
P.O. Box 1264
Cedar Hill, Texas 75106
 
Domains.SIP1.com
http://domains.sip1.com 
Low cost domain name registration & other Internet services.
 
Sign up for your PayPal merchant account today and start selling your
products on line today!
https://www.paypal.com/us/mrb/pal=Q622ZEE3CUWM8
 

-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Rubino, Mark (Mark)
Sent: Tuesday, February 15, 2005 9:30 AM
To: Mahesh Thakkar; Voipsec at voipsa.org
Subject: RE: [VOIPSEC] VoIP and Fraud


This may be an interesting discussion. Regarding possible
vulnerabilities...

I'm thinking that toll fraud would most likely be an issue from cable
access Voip. 
It should be easy enough (with an existing high speed cable account) to
packet capture the cable
And identify other subscribers using the voip service. A few changes to
the NIC card and
IP address, maybe an open source Softphone or a Softphone copy of
whatever vendor the
cable company uses for voip...

You can possibly extend this toll fraud to people with cable access and
wireless routers
(drive by toll fraud?)

This may not be possible today but in the past I was under the
impression that the high speed
Cable service was provided to end users in a bridged/hub like network
environment. Has this
Changed?

 

 

-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Mahesh Thakkar
Sent: Sunday, February 13, 2005 3:33 AM
To: Voipsec at voipsa.org
Subject: [VOIPSEC] VoIP and Fraud

Dear All,

I am new to VoIP, but not to communication. I am in telecom for the last
7 years (GSM) and looking after Revenue Assurance and Fraud. I would
like to know what are the vulnerabilities of VoIP and loop holes for
fraud in practical day to day business and how one can protect or be
prepared to act against VoIP fraud.

Responses are highly appreciated

--
Mahesh Thakkar

_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org



_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list