| To: | pen-test@securityfocus.com |
|---|---|
| Subject: | Voip security |
| From: | "Mike Klingler" <whitehatguru@gmail.com> |
| Date: | Sat, 25 Nov 2006 18:27:28 -0600 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | pentest-list2@consult.net |
| Delivered-to: | mailing list pen-test@securityfocus.com |
| Delivered-to: | moderator for pen-test@securityfocus.com |
| Domainkey-signature: | a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=qLQsM0J33p5AjV2/0tY/aj2JN3COe/c4FzHCM3UTQlX9e8yNzajGxZLT//ftIzU2tb0n4j0WnMWg5XAbcswe8i2WcOm78ssewd8v7lYRVHLDJ3veR0y+evaL/RUNacVFHyb7n2Liiggc+/9F2AXl4b48aLATJaUDjeb5Bik6OEY= |
| List-help: | <mailto:pen-test-help@securityfocus.com> |
| List-id: | <pen-test.list-id.securityfocus.com> |
| List-post: | <mailto:pen-test@securityfocus.com> |
| List-subscribe: | <mailto:pen-test-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:pen-test-unsubscribe@securityfocus.com> |
| Mailing-list: | contact pen-test-help@securityfocus.com; run by ezmlm |
| Resent-date: | Sat, 25 Nov 2006 17:30:22 -0700 (MST) |
| Resent-from: | pen-test-return-1078483045@securityfocus.com |
| Resent-message-id: | <20061126003022.C5D0A193768@outgoing2.securityfocus.com> |
| Resent-sender: | listbounce@securityfocus.com |
| Sender: | listbounce@securityfocus.com |
Working on a recent pen test I ran across a system which was a Cisco Voip gateway allowing SIP and H.323 protocols externally. Only those two ports were available. 1) I fired up Sivus to scan the SIP protocol and found that it allowed unauthenticated invite messages into the server. I follow this up with further research utilizing netcat to receive messages. After the initial "200 trying" response I received a couple of "403 forbidden" responses. My understanding is that the 200 trying meant that the gateway passed the message back to the back end server and that server gave the forbidden. Yet Sivus flagged the vulnerability as High. Am I right in assuming if I knew more about the layout I could try such attacks as a denial of service by ringing all of their phones at the same time, or sending SPIT? What potential flaws could come from this? 2) They also had the H.323 protocol available, but SiVUS doesn't support scanning of that protocol yet. Anyone know of tools, methodologies to test this protocol? Thanks Guys, Mike Klingler ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------ |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Generating awareness amongst IT staff, Faheem SIDDIQUI |
|---|---|
| Next by Date: | Re: Generating awareness amongst IT staff, pand0ra |
| Previous by Thread: | AttackAPI 2.0 alpha, pdp (architect) |
| Next by Thread: | Fw: Voip security, Sony C |
| Indexes: | [Date] [Thread] [Top] [All Lists] |