[VOIPSEC] Cisco 7920 wireless IP Phones

Guillermo Marro gmarro at synaptes.com
Thu May 26 12:45:33 CDT 2005 

Chris,

IMHO, saying that wireless infrastructure is insecure (irrespective of
what preventive measures you take to mitigate risks) is perhaps an
unnecessary simplification that might cause a lot of misconception. 
 
In my eyes, wireless infrastructure will never be safe from layer-1
local DoS attacks (signal jamming). Irrespective of how smart your
modulation scheme is, there is not much you can do about powerful wide-
band white noise generators. So it's probably safe for now to say that
availability is and will be an issue.

Regarding confidentiality and integrity, I'm with Tom: strength of WPA
protection DOES MATTER.  

It'd be interesting to know about successful attacks to WPA2-AES
achieved in feasible time frames. I'd also be more than happy to know
about successful attacks to TLS and SSH (patched implementations on both
wireless or wired deployments).

Regarding the overhead added by IPSec, I believe it is entirely
dependent on the size of the IP datagram. A datagram with a payload of
64 bytes does not clearly have the same overhead (in proportion) that
one with 1480 bytes of payload. I'm no VoIP expert, so I don't know what
the average VoIP packet looks like, but I'd like to know how you reach
that 40% overhead figure.

Thanks,

-G


On Wed, 2005-05-25 at 22:26 -0500, Christopher A. Martin wrote:
> TLS is SSL all grown up.
> 
> SSL and SSH can be hijacked (MiM, Man in the middle) by hacker tools
> crafted specifically for VoIP. A good example of ssl hijacking is a tool
> called airsnarf.
> 
> http://airsnarf.shmoo.com/
> 
> I believe that this would be a trivial task to convert to SIP since it
> is merely a cousin to html.
> 
> The author, Beetle, gave some very good demonstrations of how easy it is
> to break "ANY" wireless encryption/protection scheme and, with this
> tool, hijack any ssl/tls encrypted page to capture authentication/credit
> card or any other info that was supposed to be encrypted. Over two days
> he was able to show a class of about 60 people, many new to wireless how
> to do the same thing.
> 
> When I say that IPSec adds too much overhead I refer to the fact that,
> due to encapsulation, IPSec adds approximately 40% additional overhead
> to an IP packet and often fragmentation due to packets that need to be
> fragmented for encapsulation.
> 
> Chris
> 
> -----Original Message-----
> From: Robert Thompson Jr. [mailto:rthompson at columbiabank.com] 
> Sent: Wednesday, May 25, 2005 1:19 PM
> To: Chris at infravast.com; Voipsec at voipsa.org
> Subject: RE: [VOIPSEC] Cisco 7920 wireless IP Phones
> 
> I am very new to VOIP, so please bear with me.
> 
> But when you say that it is trivial to intercept the traffic, you just
> mean to receive it right?  You are not talking about deciphering the
> information and being able to listen in on the conversation are you?
> 
> Why would IPSEC add too much overhead?
> 
> Instead of SSH and SSL, could TLS be used?  As I am under the
> understanding that TLS doesn't have any more overhead than SSL though is
> quite more secure.
> 
> Rob.
> 
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Christopher A. Martin
> Sent: Tuesday, May 24, 2005 5:47 PM
> To: 'Finnegan, James M SAM Contractor'; Voipsec at voipsa.org
> Subject: RE: [VOIPSEC] Cisco 7920 wireless IP Phones
> 
> 
> It is trivial to hijack, intercept, impersonate any type of traffic over
> wireless, whether WEP, WAP, etc is implemented. IPSec over it is about
> the only safe bet (which adds too much overhead). SSH and SSL can also
> be compromised due to wireless hijacking.
> 
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Finnegan, James M SAM Contractor
> Sent: Tuesday, May 24, 2005 12:03 PM
> To: Voipsec at voipsa.org
> Subject: [VOIPSEC] Cisco 7920 wireless IP Phones
> 
> Greetings all,
> 
>   I have run into a problem I was hoping to get feedback on. We are
> using the 7920 IP Phones at our sites, running CCM 3.3.
> 
>  The Army has decided the wireless link needs to be encrypted with
> something other than WEP or WEP  w/LEAP. Our standard wireless
> encryption is 3DES.
> The
> 7920's only support WEP or WEP w/LEAP. Has anyone run into this problem?
> 
>  
> 
> Thanks
> 
>  
> 
> Mike Finnegan
> 
> B.I.T.S.
> 
> U.S.Army Corp of Engineers
> 
>  
> 
> 
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> 
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> 
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> 
> 
-- 
...........................
Guillermo Marro
Synaptes
Comunicacion Inteligente
http://www.synaptes.com

More information about the Voipsec mailing list