[VOIPSEC] RE: VoIP and Banking Security

Geoff Devine gdevine at cedarpointcom.com
Thu Jun 23 07:38:20 CDT 2005


That is certainly true for any device that uses RFC 2833 DTMF Relay
without encrypting the media stream.  You really want to run something
like SRTP (RFC 3711) to encrypt media.

Something to calm your nerves:
As a Comcast customer, your DOCSIS packets are probably encrypted at
your cable modem using BPI+.  BPI+ is a fairly lightweight encryption
scheme which can be broken but that is extremely unlikely.  40-bit &
56-bit DES encryption won't stop the NSA but it's going to discourage
any hackers in your town who can see your DOCSIS upstream. 

Geoff

- - - - - - - - - - - - - - - - - - - -
From: "Al" <alanrice at comcast.net>

Greetings,

New here, and yes, I did check the archives first.

I just finished a session with my bank using the touch pad on my phone.
When finished I dumped the packets captured during the transaction (using
ethereal).  I was a little dismayed and a lot alarmed to see wherever the
protocol was RTP EVE that the numbers I pressed on the phone were visible in
the info field:

     Payload type=RTP Event, DTMF Eight 8

I'm guessing that if I can sniff these packets, so can anyone else.

Anyone have any comments to calm my nerves?

Thanks,

Al
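
An added example, not part of either message above: a minimal decoder for the RFC 2833 telephone-event payload, showing why the pressed digits are readable in any capture of unencrypted RTP. The payload type 101 is an assumption (the real value is negotiated in SDP), the function names are hypothetical, and the packets are constructed sample data.

```python
import struct

DTMF_KEYS = "0123456789*#ABCD"   # RFC 2833 event codes 0-15

def parse_rtp(packet):
    """Return (payload_type, ssrc, timestamp, payload) for an RTP v2 packet."""
    if len(packet) < 12:
        raise ValueError("shorter than the fixed RTP header")
    b0, b1, _seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    offset = 12 + 4 * (b0 & 0x0F)              # skip the CSRC list
    if b0 & 0x10:                              # header extension present
        if len(packet) < offset + 4:
            raise ValueError("truncated header extension")
        (words,) = struct.unpack("!H", packet[offset + 2:offset + 4])
        offset += 4 + 4 * words
    return b1 & 0x7F, ssrc, ts, packet[offset:]

def cleartext_dtmf(packets, event_pt=101):
    """Return the keys readable from unencrypted telephone-event packets."""
    keys, seen = [], set()
    for pkt in packets:
        pt, ssrc, ts, payload = parse_rtp(pkt)
        if pt != event_pt or len(payload) < 4:
            continue
        # Payload layout: event (8 bits), E/R/volume (8 bits), duration (16 bits)
        event, _flags, _duration = struct.unpack("!BBH", payload[:4])
        # A key press is repeated in several packets with one RTP timestamp.
        if event < 16 and (ssrc, ts) not in seen:
            seen.add((ssrc, ts))
            keys.append(DTMF_KEYS[event])
    return "".join(keys)

def sample_packet(event, seq, ts, end=False, pt=101):
    # Constructed packet: V=2, no CSRC or extension, SSRC 0x1234 (all made up).
    hdr = struct.pack("!BBHII", 0x80, pt, seq, ts, 0x1234)
    return hdr + struct.pack("!BBH", event, (0x80 if end else 0) | 10, 400)

# Constructed capture: key 8, one PCMU audio packet (pt 0), then key 5.
SAMPLE = [sample_packet(8, 1, 1000), sample_packet(8, 2, 1000, end=True),
          sample_packet(0, 3, 1160, pt=0),
          sample_packet(5, 4, 2600), sample_packet(5, 5, 2600, end=True)]

if __name__ == "__main__":
    print("keys visible in cleartext RTP:", cleartext_dtmf(SAMPLE))
```

With SRTP (RFC 3711) the RTP header stays readable but the four event bytes are ciphertext, so the same decode no longer yields the keys.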
