[VOIPSEC] Pen Testing VOIP

Tue Oct 11 07:37:34 CDT 2005

I used Cain and Able with very good results.  You might also look for
a version of ethereal called ethereal-xtra, which has the voip
decodes.

Craig Khan

On 10/11/05, Voipsec-request at voipsa.org <Voipsec-request at voipsa.org> wrote:
> Send Voipsec mailing list submissions to
>        Voipsec at voipsa.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> or, via email, send a message with subject or body 'help' to
>        Voipsec-request at voipsa.org
>
> You can reach the person managing the list at
>        Voipsec-owner at voipsa.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Voipsec digest..."
>
>
> Today's Topics:
>
>   1. Re: Voipsec Digest, Vol 10, Issue 8 (Radu State)
>   2.  Pen Testing VOIP (Rubino, Mark (Mark))
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 10 Oct 2005 09:39:33 +0200
> From: "Radu State" <Radu.State at loria.fr>
> Subject: Re: [VOIPSEC] Voipsec Digest, Vol 10, Issue 8
> To: <Voipsec at voipsa.org>
> Message-ID: <002101c5cd6d$c1e0ed40$fc405198 at Davis>
> Content-Type: text/plain;       charset="iso-8859-1"
>
>
> Hi all,
>
> > ------------------------------
> >
> > Message: 6
> > Date: Wed, 5 Oct 2005 14:26:39 -0600
> > From: Rick.Wanner at sasktel.sk.ca
> > Subject: [VOIPSEC] Pen Testing VOIP
> > To: Voipsec at voipsa.org
> > Message-ID:
> > <OF9DD15BB7.D95003CA-ON06257091.007011CE-06257091.00704D84 at sasktel.sk.ca>
> >
> > Content-Type: text/plain; charset="US-ASCII"
> >
> > Does anyone have any recommendations for tools that may be useful when
> > performing a PenTest in a VOIP infrastructure?  I am mostly interested in
> > tools which can be used to validate and exercise the VOIP protocols
> > themselves.
> >
> > Thanks
> > Rick
> >
> >
>
>
> You might have a look at SIVUS, it's pretty good....
>
> http://www.vopsecurity.org/html/tools.html
>
>
> Radu
>
>
>
>
> > ------------------------------
> >
> > Message: 7
> > Date: Wed, 05 Oct 2005 11:01:45 -0400
> > From: Lou Barsony <barsony at ieee.org>
> > Subject: [VOIPSEC] VoIP Book
> > To: voipsec at voipsa.org
> > Message-ID: <BAYC1-PASMTP01FD555D307B05FF33C9F093820 at CEZ.ICE>
> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> >
> > Has anyone read -
> >
> > *Voice Over Internet Protocol (Voip) Security*
> > by James F., PhD Ransome
> >
> <http://www.amazon.ca/exec/obidos/search-handle-url/index=books-ca&field-aut
> hor=Ransome%2C%20James%20F.%2C%20PhD/701-4020216-5313160>
> > (Author), John, PhD Rittinghouse
> >
> <http://www.amazon.ca/exec/obidos/search-handle-url/index=books-ca&field-aut
> hor=Rittinghouse%2C%20John%2C%20PhD/701-4020216-5313160>
> > (Author) ?
> >
>
>
> I've read it. It's the only book an VOIP security, such that it's worth
> reading. However, rhe contents is quite scattered and the logical flow is
> sometimes difficult to follow.  It looks more like a catalogue of problems
> and solutions. Also, the book addresses also general network level security
> and not only the VOIP part. The 7 th. chapter is very good for the VOIP
> security and you can find it  here:
> http://searchenterprisevoice.techtarget.com/searchEnterpriseVoice/downloads/VoIPsecurityChap7.pdf
>
>
>
>  Radu
>
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 10 Oct 2005 09:49:45 -0400
> From: "Rubino, Mark \(Mark\)" <mrubino at avaya.com>
> Subject: [VOIPSEC]  Pen Testing VOIP
> To: <Voipsec at voipsa.org>
> Message-ID:
>        <16F9BDD39536704DA7BFB3172BF19172097C7D61 at nj7460avexu2.global.avaya.com>
>
> Content-Type: text/plain;       charset="us-ascii"
>
> Dedicated VoIP pen testing tools haven't evolved to today's current
> batch of 'script kiddy' tools available for other network services.
> After a review of the network architecture and equipment deployment of
> the VoIP network you may find some of these tools useful. I agree that
> all VoIP vulnerabilities are not VoIP specific to SIP/H.323.
>
> Regards,
> Mark
>
>
>
> ------------------------------
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
> End of Voipsec Digest, Vol 10, Issue 10
> ***************************************
>