[VOIPSEC] Cisco 7920 wireless IP Phones
Christopher A. Martin
chris at infravast.com
Wed May 25 22:26:07 CDT 2005
TLS is SSL all grown up.
SSL and SSH can be hijacked (MiM, Man in the middle) by hacker tools
crafted specifically for VoIP. A good example of ssl hijacking is a tool
called airsnarf.
http://airsnarf.shmoo.com/
I believe that this would be a trivial task to convert to SIP since it
is merely a cousin to html.
The author, Beetle, gave some very good demonstrations of how easy it is
to break "ANY" wireless encryption/protection scheme and, with this
tool, hijack any ssl/tls encrypted page to capture authentication/credit
card or any other info that was supposed to be encrypted. Over two days
he was able to show a class of about 60 people, many new to wireless how
to do the same thing.
When I say that IPSec adds too much overhead I refer to the fact that,
due to encapsulation, IPSec adds approximately 40% additional overhead
to an IP packet and often fragmentation due to packets that need to be
fragmented for encapsulation.
Chris
-----Original Message-----
From: Robert Thompson Jr. [mailto:rthompson at columbiabank.com]
Sent: Wednesday, May 25, 2005 1:19 PM
To: Chris at infravast.com; Voipsec at voipsa.org
Subject: RE: [VOIPSEC] Cisco 7920 wireless IP Phones
I am very new to VOIP, so please bear with me.
But when you say that it is trivial to intercept the traffic, you just
mean to receive it right? You are not talking about deciphering the
information and being able to listen in on the conversation are you?
Why would IPSEC add too much overhead?
Instead of SSH and SSL, could TLS be used? As I am under the
understanding that TLS doesn't have any more overhead than SSL though is
quite more secure.
Rob.
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Christopher A. Martin
Sent: Tuesday, May 24, 2005 5:47 PM
To: 'Finnegan, James M SAM Contractor'; Voipsec at voipsa.org
Subject: RE: [VOIPSEC] Cisco 7920 wireless IP Phones
It is trivial to hijack, intercept, impersonate any type of traffic over
wireless, whether WEP, WAP, etc is implemented. IPSec over it is about
the only safe bet (which adds too much overhead). SSH and SSL can also
be compromised due to wireless hijacking.
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Finnegan, James M SAM Contractor
Sent: Tuesday, May 24, 2005 12:03 PM
To: Voipsec at voipsa.org
Subject: [VOIPSEC] Cisco 7920 wireless IP Phones
Greetings all,
I have run into a problem I was hoping to get feedback on. We are
using the 7920 IP Phones at our sites, running CCM 3.3.
The Army has decided the wireless link needs to be encrypted with
something other than WEP or WEP w/LEAP. Our standard wireless
encryption is 3DES.
The
7920's only support WEP or WEP w/LEAP. Has anyone run into this problem?
Thanks
Mike Finnegan
B.I.T.S.
U.S.Army Corp of Engineers
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list