Comments on: VoIP Security Threats

By: TryPot2

TryPot2 — Tue, 27 Jan 2009 05:17:19 +0000

Absolutely not!

…
Absolutely not!

Most of the attacks in the video use perfectly legal VoIP protocol messages, a standard Firewall (windows or otherwise) does little to block these messages.

By: haccduder

haccduder — Tue, 27 Jan 2009 05:17:19 +0000

Loved the demo. …
Loved the demo. I’m actually putting together a presentation about VoIP security issues for a class, but to actually see a few attacks carried out and the ease in which some were done really peaks my curiosity on the issue.

By: blancoh

blancoh — Tue, 27 Jan 2009 05:17:19 +0000

why would it be the …
why would it be the last thing a hacker thinks about? Eavesdropping on corporate secret conversations seems well worthy of doing. Remember statistically speaking most hacks are done internally possibly by employees themselves. To say this is the last thing a malicious person shows your ignorance. This video shows a real threat to businesses worldwide since the inception of VOIP.

By: gurudeveloper

gurudeveloper — Tue, 27 Jan 2009 05:17:19 +0000

1. “planting a …
1. “planting a trojan” == sitting on router.
2. “planting a trojan” is a threat itself , if a host compromised and there is a trojan, voip is one of the last things you should think about.

By: TryPot2

TryPot2 — Tue, 27 Jan 2009 05:17:19 +0000

Not all of the …
Not all of the threats I demonstrate require capturing sniffer traces, but yes I could make a video based on monitoring email. This is a risk which is exactly why sensitive email needs to be encrypted. The reason for the Video is to highlight the risks of VoIP, I do not claim that there are no solutions.

By: TryPot2

TryPot2 — Tue, 27 Jan 2009 05:17:19 +0000

The umption that …
The umption that you need to sit on your own router is wrong. Some of the attacks shown can be launched remotely. Even for those that require traffic monitoring can be done in other ways, for example planting a trojan on the target’s computer. The point of this video is to illustrate just some of the security threats that face VoIP networks, there are others. As for the comment that this is for people who don’t even know how SIP works in modern implementations, this is probably the majority.

By: AwardConsulting

AwardConsulting — Tue, 27 Jan 2009 05:17:19 +0000

Very useful …
Very useful information. Thank you for sharing this with people. Look forward to having tools to protect VOIP traffic.

By: unaizu

unaizu — Tue, 27 Jan 2009 05:17:19 +0000

Hey I guess we are …
Hey I guess we are uming a lot of things here.
Come on, you could also make a video where you capture sniffer traces of all the private emails and transactions from a company.
Going though the internet or a network doesn’t mean that you can sniff all the traffic or inject traffic on it, there are plenty of methods to avoid this happening!

of course if someone doesn’t configure the right security levels I guess is digging his/her own grave :).

By: gurudeveloper

gurudeveloper — Tue, 27 Jan 2009 05:17:19 +0000

Bullshit, you need …
Bullshit, you need to sit on router to perfom all those tricks , and if your router compromised , voip is the last thing you should think about.
This video affects those people who doesn’t know how SIP works in modern implementations (Asterisk, SER, Cisco etc). ! they even doesn’t know how switches work..

By: TryPot2

TryPot2 — Tue, 27 Jan 2009 05:17:19 +0000

The demos shown in …
The demos shown in the video use my own sip testing tools. These are not publicly available