In my last post I noted that it’s a good idea to know how robust your IP phone is to attacks against the stack and mentioned the Targa3 tool for classic attacks. Continuing in this testing approach I’d like to bring up a fantastic tool called ISIC. If you dare to run ISIC, I can almost guarantee will make any IP phone drop dead in its tracks, reboot, show wierd characters on the screen, etc., etc.
Take my word for it, you do not want to run this monster on a production network. To wit, the ISIC page states the following:
“Warning: ISIC may break shit, melt your network, knock out your firewall, or singe the fur off your cat”
A key takeaway of ISIC is that it is not just a single tool, but rather a suite of tools; with each tool (esic, udpsic, tcpsic, etc.) geared toward targeting a specific layer of the IP stack.