[VOIPSEC] Re: Voipsec Digest, Vol 2, Issue 33
maguire at it.kth.se
Sat Feb 26 14:56:41 GMT 2005
Date: Fri, 25 Feb 2005 17:31:51 -0500
From: "Brian Rosen" <br at brianrosen.net>
Subject: RE: [VOIPSEC] Actual Attacks
To: "'Mark Teicher'" <mht3 at earthlink.net>, <voipsec at voipsa.org>
Message-ID: <mailman.2.1109398021.4428.voipsec_voipsa.org at voipsa.org>
Content-Type: text/plain; charset="us-ascii"
Are you aware of this actually happening, or is this all theoretic?
I've never heard of actual incidents of any of this.
The latter (eavesdropping) is actually the reverse; when we do testing, we
have to go through all kinds of grief to allow the sniffers to get at the
packets. Someone has to actually bring a hub (not a switch) so we can sniff
the packets. You can, of course, run Etherreal on some of the actual
devices. It's amazingly hard to sniff packets in a typical switched
architecture. When we implement CALEA (legal wiretap), it takes a special
box that we force all the traffic to go through so we can copy the packets
to the LEA.
WiFi and your neighbor's cable modem excepted, of course.
Many switches support the ability to replicate all the traffic to
another port, see for example "port mirroring" for HP, Cisco, Foundry
Networks, ... switches.
G. Q. Maguire Jr.
More information about the Voipsec