[VOIPSEC] VoIP and Banking Security
Michael Stauffer
stauffer_michael at bah.com
Thu Jun 23 06:32:30 CDT 2005
Al,
Is being able to sniff DTMF Digits not in line with your wishes? :)
Looks like an RFC 2833 dissector to me, available in Ethereal.
So can anyone sniff these packets? Well, in a properly configured, switched environment, it's not something that's done without effort, but a malicious agent with sufficient motivation and skill can capture these, yes. (The previous discussions from this list on the relative ease of capturing in a switched environment acknowledged). I could be wrong, but I believe SRTP would take care of this. Thoughts?
Mike Stauffer
BAH
VoIP Security
Greetings,
New here, and yes, I did check the archives first.
I just finished a session with my bank using the touch pad on my phone.
When finished I dumped the packets captured during the transaction (using
ethereal). I was a little dismayed and a lot alarmed to see wherever the
protocol was RTP EVE that the numbers I pressed on the phone were visible in
the info field:
Payload type=RTP Event, DTMF Eight 8
I'm guessing that if I can sniff these packets, so can anyone else.
Anyone have any comments to calm my nerves?
Thanks,
Al
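
Added example, not part of either message above: a minimal Python decoder for the RFC 2833 telephone-event payload, showing that with plain RTP the pressed key is a single unencrypted byte after the RTP header, which is what the Ethereal dissector displayed. The payload type 101, the `_rtp` helper and the packets in `SAMPLE` are constructed assumptions for illustration, not data from the capture described in the thread.

```python
import struct

DTMF_EVENTS = "0123456789*#ABCD"  # RFC 2833 event codes 0-15

def parse_telephone_event(packet, event_pt=101):
    """Decode one RTP packet; return the RFC 2833 event fields or None.
    event_pt is the dynamic payload type negotiated for telephone-event
    (101 is an assumption; read the real value from the call's SDP)."""
    if len(packet) < 12:
        return None
    b0, b1, seq, ts, _ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2 or (b1 & 0x7F) != event_pt:
        return None                       # not RTP v2, or not an event packet
    offset = 12 + 4 * (b0 & 0x0F)         # skip CSRC identifiers
    if b0 & 0x10:                         # skip header extension if present
        if len(packet) < offset + 4:
            return None
        offset += 4 + 4 * struct.unpack("!H", packet[offset + 2:offset + 4])[0]
    if len(packet) < offset + 4:
        return None
    event, flags, duration = struct.unpack("!BBH", packet[offset:offset + 4])
    return {"seq": seq, "timestamp": ts, "end": bool(flags & 0x80),
            "volume": flags & 0x3F, "duration": duration,
            "digit": DTMF_EVENTS[event] if event < 16 else None}

def exposed_digits(packets, event_pt=101):
    """One keypress is sent as several packets sharing an RTP timestamp;
    collapse them and return the digits readable from the capture."""
    seen, digits = set(), []
    for pkt in packets:
        ev = parse_telephone_event(pkt, event_pt)
        if ev and ev["digit"] is not None and ev["timestamp"] not in seen:
            seen.add(ev["timestamp"])
            digits.append(ev["digit"])
    return "".join(digits)

def _rtp(seq, ts, pt, payload, marker=False):
    """Build a constructed RTP packet (no CSRC, no extension) for the demo."""
    first = (0x80 if marker else 0) | pt
    return struct.pack("!BBHII", 0x80, first, seq, ts, 0x1234) + payload

# Constructed sample: key "8" (3 packets), one PCMU audio packet, key "#" (2 packets).
SAMPLE = [
    _rtp(1, 1000, 101, struct.pack("!BBH", 8, 0x0A, 160), marker=True),
    _rtp(2, 1000, 101, struct.pack("!BBH", 8, 0x0A, 320)),
    _rtp(3, 1000, 101, struct.pack("!BBH", 8, 0x8A, 480)),
    _rtp(4, 1480, 0, bytes(160)),
    _rtp(5, 2600, 101, struct.pack("!BBH", 11, 0x0A, 160), marker=True),
    _rtp(6, 2600, 101, struct.pack("!BBH", 11, 0x8A, 320)),
]
```

SRTP leaves the RTP header readable but encrypts the payload, so the four event bytes decoded here would be ciphertext to an observer without the session key.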