[VOIPSEC] FW: fyi: Pharming against IP telephony
Christopher A. Martin
chris at infravast.com
Sun Jul 10 01:51:35 CDT 2005
More widespread use of DNSSec would be a great start. It's been out
there for some time now, and only the few paranoids out there are using
it. This is a great example of ancillary risks that exist to VoIP, and
other protocols.
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Irwin Lazar
Sent: 06/26/2005 10:50 PM
To: voipsec at voipsa.org
Subject: [VOIPSEC] FW: fyi: Pharming against IP telephony
FYI: Forwarded for discussion:
Any thoughts on prevention mechanisms? SSL seems to be a possibility.
http://www.cybercrimelaw.org/index.cfmhursday, June 09 | Pharming
threats to IP phone networks described
Pharming against IP telephony is now only possible, it is probable.
ZDNet describes how pharming (or "poisoning" a DNS server to reroute
traffic to a different destination) may be used to redirect IP phone
traffic from the intended recipient to another location. Imagine you
dialing your bank's number, entering your SSN and password at the voice
prompts, and then a month later, having your identity stolen.
Pharming exploits vulnerabilities in a piece of network equipment
responsible for translating e-mail and Web addresses into IP addresses.
Security experts speaking at Supercomm this week said that, by hijacking
a domain-name system (DNS) server--a computer that stores and organizes
IP addresses--pharmers get control of VoIP calls.
Without their knowledge, VoIP users' calls could then be redirected to
IP addresses completely different from the ones the users dialed, warns
Paul Mockapetris, the inventor of the domain name system.
6/7/2005
Pharming threats to IP phone networks described
-Posted by Russell Shaw @ 5:51 am
* General <http://blogs.zdnet.com/ip-telephony/index.php?cat=1>
* Security <http://blogs.zdnet.com/ip-telephony/index.php?cat=2>
>From the giant Supercomm <http://www.supercomm2005.com/> telephony
trade show in Chicago, colleague Ben Charny reports
<http://news.zdnet.com/2100-1009_22-5734117.html> today on concerns
about a VoIP flavor of pharming. It's DNS cache poisoning, pure and
simple.
As Ben explains, pharming can exploit vulnerabilities in certain network
equipment that translates email and Web addresses into IP addresses.
Security experts at Supercomm are pointing out that by hijacking a
domain-name server that organizes and stores IP addresses, pharmers can
obtain control of VoIP calls.
You don't want that to happen. Why? Your VoIP calls, or callers, could
be directed to unintended and perhaps malicious, IP addresses.
We'll be monitoring insights from Supercomm for solutions. If you have
any, we'd like to hear about them as well. Post a TalkBack.
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list