[VOIPSEC] FW: fyi: Pharming against IP telephony

Scott Beverly scottbeverly at mercuryrm.com
Mon Jun 27 18:47:02 CDT 2005


Wouldn't it take something along the lines of end-point to end-point
bi-directional authentication?

I'm thinking of something along the lines of EAP as used for 802.1x or
similar.  Or perhaps that is what you are suggesting using SSL.  Like
using a certificate authority to verify that you are "talking" to the
destination that you think you are "talking" to and not a pharmer.  I
think that would probably scale better especially in an any-to-any
calling world.

However, I would still say that this must be bidirectional to avoid
someone from acting as a rogue end-point on either end of a call.

Scott...


On Sun, 2005-06-26 at 21:49 -0600, Irwin Lazar wrote:
> FYI: Forwarded for discussion:
>  
> Any thoughts on prevention mechanisms?  SSL seems to be a possibility.
>  
> 
> 
> 
> http://www.cybercrimelaw.org/index.cfm
> Thursday, June 09 | Pharming threats to IP phone networks described
> 
> Pharming against IP telephony is now only possible, it is probable.
> ZDNet describes how pharming (or "poisoning" a DNS server to reroute
> traffic to a different destination) may be used to redirect IP phone
> traffic from the intended recipient to another location. Imagine you
> dialing your bank's number, entering your SSN and password at the voice
> prompts, and then a month later, having your identity stolen. 
> 
> Pharming exploits vulnerabilities in a piece of network equipment
> responsible for translating e-mail and Web addresses into IP addresses.
> Security experts speaking at Supercomm this week said that, by hijacking
> a domain-name system (DNS) server--a computer that stores and organizes
> IP addresses--pharmers get control of VoIP calls.
> 
> Without their knowledge, VoIP users' calls could then be redirected to
> IP addresses completely different from the ones the users dialed, warns
> Paul Mockapetris, the inventor of the domain name system.
> 
> 6/7/2005
> 
> 
> Pharming threats to IP phone networks described 
> 
> 
> -Posted by Russell Shaw @ 5:51 am 
> 
> *	General <http://blogs.zdnet.com/ip-telephony/index.php?cat=1>  
> 
> *	Security <http://blogs.zdnet.com/ip-telephony/index.php?cat=2>  
> 
> From the giant Supercomm <http://www.supercomm2005.com/> telephony
> trade show in Chicago, colleague Ben Charny reports
> <http://news.zdnet.com/2100-1009_22-5734117.html> today on concerns
> about a VoIP flavor of pharming. It's DNS cache poisoning, pure and
> simple.
> 
> As Ben explains, pharming can exploit vulnerabilities in certain network
> equipment that translates email and Web addresses into IP addresses.
> Security experts at Supercomm are pointing out that by hijacking a
> domain-name server that organizes and stores IP addresses, pharmers can
> obtain control of VoIP calls.
> 
> You don't want that to happen. Why? Your VoIP calls, or callers, could
> be directed to unintended and perhaps malicious, IP addresses.
> 
> We'll be monitoring insights from Supercomm for solutions. If you have
> any, we'd like to hear about them as well. Post a TalkBack.
> 
-- 
Scott Beverly
Mercury Risk Management
scottbeverly at mercuryrm.com



