[VOIPSEC] Actual Attacks
Simon Horne
security at isvo.net
Sat Feb 26 02:31:55 CST 2005
At 02:02 PM 26/02/2005, David Vincent wrote:
>Brian Rosen wrote:
>
>>Are you aware of this actually happening, or is this all theoretic?
>>
>>I've never heard of actual incidents of any of this.
>>
>>The latter (eavesdropping) is actually the reverse; when we do testing, we
>>have to go through all kinds of grief to allow the sniffers to get at the
>>packets. Someone has to actually bring a hub (not a switch) so we can sniff
>>the packets. You can, of course, run Ethereal on some of the actual
>>devices. It's amazingly hard to sniff packets in a typical switched
>>architecture. When we implement CALEA (legal wiretap), it takes a special
>>box that we force all the traffic to go through so we can copy the packets
>>to the LEA.
>
>speaking of eavesdropping, i'd love to hear the community's opinion about
>this project:
>
>http://www.enderunix.org/voipong/
With reference to the above product, more than ever vendors have to
seriously consider Media Encryption with a Handshake technique which foils
these types of "wire taps". Methods such as Single Use Diffie Hellman
generated half key pairs (with 1 half encrypted) as used in TLS on a
separate secure channel is an excellent method to stop the "Man in the
Middle" from being able to decrypt the voice traffic. They may be able to
capture to .wav the contents of the conversation but it would be complete
garbage. Each conversation or part of a conversation is encrypted
differently so the 'tapper' has to use repeated blunt force attacks to
access the entire conversation. If a large Diffie Hellman "Prime" length is
used (> 1536 bits) and a high quality cipher (say AES256), it makes it almost
impossible for all but the most serious 'tapper' to access.
Simon
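As an added illustration (not code from the post, from voipong, or from any vendor), a Python sketch of the per-call handshake described above: single-use Diffie-Hellman half keys, a session key derived from them, and the media encrypted under that key, with a dictionary holding exactly what a passive tap on the wire would capture. The toy modulus size, generator 2, the HMAC-based stream cipher standing in for AES-256 and the sample media bytes are my assumptions.

```python
import hashlib, hmac, secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test for odd n > 3."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_safe_prime(bits):
    """Return p = 2q + 1 with q prime. Toy size for the demo; the post asks for > 1536 bits."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1

def keystream_xor(key, nonce, data):
    """Stdlib stand-in for AES-256 on the media: XOR with HMAC-SHA256 counter blocks."""
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def dh_session_key(p, x, peer_public):
    """Per-call media key from our single-use exponent x and the peer's half key."""
    if not 1 < peer_public < p - 1:          # reject degenerate values 0, 1, p-1
        raise ValueError("degenerate peer public value")
    shared = pow(peer_public, x, p)
    return hashlib.sha256(shared.to_bytes((p.bit_length() + 7) // 8, "big")).digest()

def simulate_call(p, plaintext, g=2):
    """One call. Returns (alice_key, bob_key, what_a_passive_tap_sees, bob_recovered)."""
    xa, xb = secrets.randbelow(p - 2) + 1, secrets.randbelow(p - 2) + 1  # fresh per call
    A, B = pow(g, xa, p), pow(g, xb, p)       # the only handshake values on the wire
    # A and B are unauthenticated here, so only a passive tap is defeated; in deployment
    # they travel over an authenticated channel (e.g. TLS) to stop a man in the middle.
    ka, kb = dh_session_key(p, xa, B), dh_session_key(p, xb, A)
    nonce = secrets.token_bytes(8)
    capture = {"A": A, "B": B, "nonce": nonce, "media": keystream_xor(ka, nonce, plaintext)}
    return ka, kb, capture, keystream_xor(kb, nonce, capture["media"])
```

Running `simulate_call` twice with the same prime shows that each call is keyed differently, so a capture of one call gives no help with the next.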