Two attacks against VoIP

Two attacks against VoIP
Peter Thermos

"We are more secure than a regular phone line."

Expand all | Post comment

Two attacks against VoIP 2006-04-06
Tobias Glemser (3 replies)

Re: Two attacks against VoIP 2006-04-06
Author (2 replies)

Re: Re: Two attacks against VoIP 2006-04-12
Tobias Glemser

Re: Re: Two attacks against VoIP 2006-04-16
Anonymous

Re: Two attacks against VoIP 2006-04-06
Anonymous (1 replies)

Re: Re: Two attacks against VoIP 2006-04-12
Tobias Glemser

"None of this seems to have any entropy. Which means it's vulnerable to replay attacks, just as the article states."

No. Since the nonce value is unique for each request, if you just try to replay the PBX will reject your packet requesting a new authentication with a different nonce.

So replay will _not_ work.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/infocus/1862/528#528

Re: Two attacks against VoIP 2006-04-07
Roger (1 replies)

Re: Re: Two attacks against VoIP 2006-09-25
VoIP_Hacker

Two attacks against VoIP 2006-04-06
Greg (1 replies)

Re: Two attacks against VoIP 2006-10-24
Wireless_VOIP

Two attacks against VoIP 2006-04-07
Peter Thermos

Two attacks against VoIP 2006-04-10
Anonymous

Two attacks against VoIP 2006-04-11
MidNet

Two attacks against VoIP 2006-11-09
Anonymous