[VOIPSEC] VOIP and Forensics
Mark Teicher
mht3 at earthlink.net
Sun Mar 13 11:52:34 CST 2005
Actually it is not that difficult, if one has some skills with the various
scripting languages and familiarity with how the various VOIP products log
events. At first glance, you would assume that VOIP vendors would conform
to either syslog or SNMP. Some conform to logging in one format or
another, but not consistently across all vendors. Some media gateway
products have an interesting way of sending logging, and not quite in
real time. A bit misleading when attempting to examine a Voice Spoofing
incident or toll-fraud incident. Almost like looking for a needle in a
haystack especially when attempting to trace the issue back through all the
various equipment that makes up a VOIP architecture.
/m
At 12:00 AM 3/12/2005, Christopher A. Martin wrote:
>This type of task will require correlation of many different types of logs,
>not just VoIP, but also possibly router/firewall logs, source/destination
>pairings, common sources (even if they are spoofed), possible tagging by
>tools that can detect 0 day attacks...etc... It's hard in the traditional
>world, but may be easier combined with the telephony patterns...
>
>Christopher A. Martin
>P.O. Box 1264
>Cedar Hill, Texas 75106
>Chris at InfraVAST.com
>
> > -----Original Message-----
> > From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> > Behalf Of Mark Teicher
> > Sent: Friday, March 11, 2005 6:16 AM
> > To: Voipsec at voipsa.org
> > Subject: [VOIPSEC] VOIP and Forensics
> >
> > Has anyone examined how to produce evidence for legal proceedings to prove
> > actual VOIP fraud?
> > As this is a question I have posed to a few companies who offer Managed
> > Security Services for IPT and none of them provided a response.
> > The only response I have received so far: "We have network+ certified and
> > CCNA experts and currently scheduled for Juniper/Extreme training"
> > Interesting that people are being trained and certified, but as I recall
> > being trained on a product does not necessarily mean that one is qualified
> > to produce evidence to prove VOIP fraud.
> >
> > /mht