[VOIPSEC] SBC security/pen testing
Christopher A. Martin
chris at infravast.com
Sun Apr 24 21:07:08 CDT 2005
Ya, that and default community strings for snmp, default passwords and
accounts not disabled.
I cant even believe that telnet would be an option when ssh is already
included on many of the vendors products.
I am sanitizing my old vendor requirements document for submission to
the group.
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of A S
Sent: Saturday, April 23, 2005 12:02 PM
To: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] SBC security/pen testing
I have Scan SBC's using NMAP, Nessus, Sivus. interstingly almost all of
them have UDP ports open. One has FTP port open !!!. Wondering why
vendors are not testing their Security products against very well known,
easily
avaiable security tools.
thx
On 4/23/05, Christopher A. Martin <chris at infravast.com> wrote:
> Look for underlying protocols that may not have been disabled, such as
> rcp, ftp, telnet and default usernames and passwords...hint vxworks.
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org]
On
> Behalf Of A S
> Sent: Friday, April 22, 2005 1:35 PM
> To: Voipsec at voipsa.org
> Subject: [VOIPSEC] SBC security/pen testing
>
> Greetings All,
>
> Testing SBC's from different vendors. Any idea/ suggestions?
>
> thanks
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list