VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
Jason Ostrom, John Kindervag

VoIP Hopping: A Method of Testing VoIP security or Voice VLANs 2007-10-11
Anonymous
There really isn't much here that would stop a determined intruder. The VLAN info might be able to be found on the phone itself, no sniffing required. Access-lists for voice traffic still leave a wide number of ports open as the protocols have dynamic destinations. These ACLs should be in place, but it should be understood that it still leaves the call processor(s) open to any number of attacks as they are inside the ACL perimeter. MAC filtering is pointless (as mentioned in another comment) because the MAC is listed both on and in the phone hardware configuration. Turning off DHCP is almost silly; if an attacker is sniffing for VLAN info it would be trivial to see the address structure and statically assign him/herself an address. About the only thing that would have a tangible impact on a voice network's security posture is to prune unnecessary VLANs from ports in publicly accessible areas, which at best only helps to provide containment.


Link to this comment: http://www.securityfocus.com/comments/infocus/1892/979#979







 

Copyright 2007, SecurityFocus