[VOIPSEC] SBC security/pen testing
Geoff Devine
gdevine at cedarpointcom.com
Mon Apr 25 07:16:44 CDT 2005
Given the function and architecture of an SBC, you'd expect that virtually all UDP ports would be "open" since the box does header substituion on thousands of UDP/RTP and UDP/RTCP streams that run on different ports. If there hasn't been any SIP signaling to set up a flow from an endpoint for a particular port, you'd expect an SBC would throw those packets on the floor since it wouldn't know how to relay them. Is this the behavior you are seeing?
Geoff
------------------------------------------------------------------------------------------------
From: A S <ccrouter at gmail.com>
I have Scan SBC's using NMAP, Nessus, Sivus. interstingly almost all of
them have UDP ports open. One has FTP port open !!!. Wondering why
vendors are not testing their Security products against very well known, easily
avaiable security tools.
More information about the Voipsec
mailing list