[VOIPSEC] VoIP Security

[J. Oquendo]

Mike Hammett wrote:
> Has anyone actually proved all the VOIP Security hysteria to be anything more than a bunch of worry-warts?  So far I put it in the same category as someone that runs a firewall on their personal computer behind a NAT router...  An intrusion is technically possible, but how likely?
>
>
> ----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>   
If I had to give testimony to this, I would say it is likely, currently 
happening, only in small numbers (intrusion). It's only a matter of time 
though that it becomes rampant. I was noticing a lot of problems many 
will face in the upcoming months, but I'm reluctant to speak on some of 
the issues publicly out of fears of giving someone an idea then being 
implicated in some bogus scenario. (been there). If someone in the 
industry (engineer RFC level) would like to speak to me on some things 
I've noticed, I would gladly do so.

As for other forms of attacks, such as Denials of Service, I just 
re-coded something that affects most SIP servers in a really strange 
way. I don't publicly release it since it serves no purpose but have 
contacted vendors on it. So much so in fact that some vendors have 
responded with a "don't call us we'll call you" generic response. What's 
ironic is, if I were to release some of these things, many a sip server 
would have issues. I choose not to. If anyone on this list - that I 
recognize as being a security engineer, IETF engineer, etc or so - wants 
to see some of the lunacy I've created please contact me.


-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams