[VOIPSEC] Actual Attacks
Brian Rosen
br at brianrosen.net
Fri Feb 25 16:31:51 CST 2005
Are you aware of this actually happening, or is this all theoretic?
I've never heard of actual incidents of any of this.
The latter (eavesdropping) is actually the reverse; when we do testing, we
have to go through all kinds of grief to allow the sniffers to get at the
packets. Someone has to actually bring a hub (not a switch) so we can sniff
the packets. You can, of course, run Ethereal on some of the actual
devices. It's amazingly hard to sniff packets in a typical switched
architecture. When we implement CALEA (legal wiretap), it takes a special
box that we force all the traffic to go through so we can copy the packets
to the LEA.
WiFi and your neighbor's cable modem excepted, of course.
Brian
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Mark Teicher
> Sent: Friday, February 25, 2005 4:37 PM
> To: voipsec at voipsa.org
> Subject: RE: [VOIPSEC] Actual Attacks
>
> Actual Attacks
>
> SIP Proxy Impersonation
> SIP Proxy Hijacking
> Message Tampering - hard to devise a common exploit across VOIP
> platforms, but most likely possible
> Denial of Service - depends on the packet, usually just causes a phone to
> reset, or a port to shutter on the gateway, call server more vulnerable
> due to the underlying operating system
> Session Attack - hard to devise a common exploit applicable across all
> VOIP platforms, possible on some of the well known vendors
> Eavesdropping - more feasible than most, especially if some of the default
> features of the particular VOIP equipment are not configured properly.
>
> -----Original Message-----
> From: Robert Moskowitz <rgm at icsalabs.com>
> Sent: Feb 25, 2005 1:56 PM
> To: Brian Rosen <br at brianrosen.net>, 'Simon Horne' <security at isvo.net>,
> voipsec at voipsa.org
> Subject: RE: [VOIPSEC] Actual Attacks
>
> At 09:36 AM 2/24/2005, Brian Rosen wrote:
>
> >"Web of Trust" is a failed concept. It works, but we have not been able to
> >successfully deploy in a large scale.
>
> But it CAN work for groups of friends.
>
> >Certificate authority chains work only within an enterprise. We have not
> >really made them work well outside of that.
>
> Check out ACES.
>
> Check out the Federal PKI and work being done to duplicate it in commercial
> settings (drug industry for one). Note I am the author of the Bridge CA
> model in the federal PKI.
>
> Thing is you REALLY need a reason to get PKIs to work together. Mail was
> never one. But VoIP could be.
>
>
> Robert Moskowitz
> Senior Technical Director
> ICSA Labs, a division of Cybertrust, Inc.
> W: 248-968-9809
> F: 248-968-2824
> E: rgm at icsalabs.com
>
> There's no limit to what can be accomplished
> if it doesn't matter who gets the credit
>
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>