On Thu, Jun 14, 2001 Brandon Young wrote:

> A couple of colleagues and I are working on a security audit for a
> VOIP system. Anyone know of any exploits and vulnerabilities that may
> exist with Cisco's call manager? One thing we have found is that the
> traffic can be sniffed during phone calls. TCP is used for the
> initial connection setup and then once the phone has set up a session
> to the call manager it then uses the RTP protocol. We found that the
> conversation is placed in the PCMU audio codec. We are looking to
> find a way to extract the payloads and reassemble the audio so that
> we can play back the phone conversations. We are also looking at
> launching a man in the middle attack and getting access to the
> conversation and trying to listen to it in real time instead of
> capturing and replaying. Any ideas on some possible ways to execute
> this?

soon to be integrated into the dsniff suite:

http://www.monkey.org/~provos/vomit/

decode and convert Cisco IP phone calls into .wav format for playback (either realtime or from a tcpdump capture), and inject .wav data into ongoing telephone conversations.

be sure to leave a tip for Niels. :-)

-d.

p.s. he really does leave me those kind of crazy messages...

---
http://www.monkey.org/~dugsong/
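
For the audit write-up, the finding quoted above (call audio carried as RTP with the PCMU codec) can be documented from packet headers alone. The following is an added example, not part of the original thread and not code from vomit or dsniff: it parses the fixed RTP header (RFC 3550) and inventories streams by SSRC and codec. The function names and the sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

# Static payload types from RFC 3551 (subset); 0 is PCMU (G.711 mu-law).
STATIC_PT = {0: "PCMU", 3: "GSM", 8: "PCMA", 9: "G722", 18: "G729"}

def parse_rtp(datagram: bytes):
    """Parse the RTP header of one UDP payload; return a dict, or None if not RTP v2."""
    if len(datagram) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", datagram[:12])
    if b0 >> 6 != 2:                      # version field must be 2
        return None
    offset = 12 + 4 * (b0 & 0x0F)         # skip the CSRC list
    if b0 & 0x10:                         # header extension present
        if len(datagram) < offset + 4:
            return None
        ext_words = struct.unpack("!H", datagram[offset + 2:offset + 4])[0]
        offset += 4 + 4 * ext_words
    end = len(datagram)
    if b0 & 0x20 and end > offset:        # padding: last byte holds the pad length
        end -= datagram[-1]
    if end < offset:
        return None                       # truncated or malformed packet
    pt = b1 & 0x7F
    return {"ssrc": ssrc, "seq": seq, "ts": ts, "pt": pt,
            "codec": STATIC_PT.get(pt, "dynamic/unknown"),
            "payload_len": end - offset}

def inventory(datagrams):
    """Summarise RTP streams per SSRC: codec, packet count, payload bytes."""
    streams = defaultdict(lambda: {"codec": None, "packets": 0, "bytes": 0})
    for d in datagrams:
        h = parse_rtp(d)
        if h is None:
            continue                      # not RTP v2, ignore
        s = streams[h["ssrc"]]
        s["codec"] = h["codec"]
        s["packets"] += 1
        s["bytes"] += h["payload_len"]
    return dict(streams)

def make_rtp(seq, pt=0, ssrc=0x1234ABCD, payload=b"\xff" * 160):
    """Build a constructed sample packet (20 ms of mu-law silence by default)."""
    return struct.pack("!BBHII", 0x80, pt, seq, seq * 160, ssrc) + payload

# Constructed sample input: three PCMU packets plus two non-RTP datagrams.
SAMPLE = [make_rtp(1), make_rtp(2), make_rtp(3), b"\x00" * 20, b"short"]
```

Calling `inventory(SAMPLE)` returns one stream, keyed by its SSRC, reported as PCMU with 3 packets and 480 payload bytes.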
This archive was generated by hypermail 2b30 : Fri Jun 15 2001 - 16:12:09 PDT