[ISN] VoIP system users can be targeted in attacks

From: InfoSec News <alerts_at_private>
Date: Mon, 29 Sep 2008 02:26:01 -0500 (CDT)
http://news.cnet.com/8301-1009_3-10052393-83.html

By Robert Vamosi
Security 
CNET News
September 26, 2008

Jason Ostrom of VoIP Hopper on Saturday plans to release his 
next-generation VoIP sniffer at Toorcon in San Diego to help raise 
awareness of the type of vulnerabilities businesses face as they adopt 
unified communications (UC) technology.

He told CNET News that the tool, UCSniff, has two settings. One is a 
learning mode, which sniffs all the IP traffic and then maps telephone 
extensions to specific addresses. By default, it captures all the 
calls and saves them to wave files.

The other setting is a bit more creepy: targeting conversations. After 
learning the IP addresses of the phone system, someone using UCSniff can 
listen to all the VoIP, or voice over Internet Protocol, conversations 
made by a specific user, say the CEO. That's user mode. A second mode, 
conversation mode, allows someone to monitor calls made exclusively 
between two extensions, say only when the CEO calls the CFO.

"So it's like dynamic ARP poisoning," Ostrom explained, referring to 
Address Resolution Protocol spoofing. "The tool, on the fly, figures out 
how to do the ARP poisoning for you so you're not intercepting the 
traffic of phones that you do not want to intercept."

[...]


Received on Mon Sep 29 2008 - 00:26:01 PDT
