I have looked a tiny bit at this problem. There does not seem to be much info outside the telcos if you run into the H.323 family of protocols (port 1720?). In fact these protocols appear to be copyrighted and you can spend quite a bit of money buying all the different specifications. However, there is an open-source project called, oddly enough, OpenH323 (http://www.openh323.org) that provides a stack, gateway, and softphone implementation, among other things.

However, if you run into SIP (Session Initiation Protocol, ftp://ftp.rfc-editor.org/in-notes/rfc3261.txt), there are some known problems that Ofir Arkin gave an excellent presentation on at this year's Black Hat Briefings. I believe SIP runs over UDP by default, which opens it up to some spoofing attacks, especially for people who can sniff traffic between the endpoints. These attacks include denial of service and man-in-the-middle attacks.

Anyhow, the presentation is a great intro to SIP and its problems. It's available at:

http://www.sys-security.com/archive/conferences/blackhat/USA2002/ET_Can't_Phone_Home_-_VoIP_Security_[BH_USA_2002].zip

Hope this helps, and I'd love to hear if you find out any more info or come across some good audit tools for VoIP...

Phil

> -----Original Message-----
> From: Marco van Zanten [mailto:marco.van.zantenat_private]
> Sent: Thursday, September 12, 2002 7:24 AM
> To: pen-test security focus
> Subject: Pen testing a VOIP gateway
>
> Experts,
>
> I'm asked to do an external pen test on a VOIP gateway.
>
> In my opinion this is nearly impossible. (maybe if you use a
> gateway yourself, or softphone application to attack?) I
> can't find any info on this subject. There is enough info on
> securing the VOIP env. internally, but that is not the problem here.
>
> Can anyone argue or confirm my thoughts?
>
> Any help is appreciated.
>
> Thanks in advance,
>
> MM
>
> --------------------------------------------------------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA) Service. For more information on
> SecurityFocus' SIA service which automatically alerts you to
> the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Sep 13 2002 - 09:27:19 PDT