[VOIPSEC] Interesting Article - Many VOIP vulnerabilities few exploits?
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Dec 20 02:58:13 CST 2007
Craig wrote:
>
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053452&source=rss_news50
>
>
> The above article predicts that there will not be many (or any) major VOIP
> attacks next year. The primary reasons the author gives are:
>
> 1. that most VOIP deployments are behind corporate network protections,
> 2. that most deployments are using proprietary protocols and
> 3. the ROI for attackers isn't very high.
>
>
> None of these reasons hasn't been stated before. What is new is the fact
> that the article is saying that 2008 won't bring any major crippling
> attacks; the kind that create headlines in mainstream media.
>
> Thinking about it, that makes sense. After all, although VOIP may be
> spreading, it is doubtful that a single attack, or even a blended attack,
> could be created that exploits all or most VOIP implementations at once.

I tend to disagree. There are lots of Asterisk boxes out there and I am
quite sure that many of them do NOT immediately update Asterisk after
security advisories. So I am quite sure I can crash many Asterisk boxes
by sending crafted SIP packets to random IP addresses port 5060.

regards
klaus

>
> Just my humble thought....
>
>
> Craig L. Bowser
> Information Assurance Manager
> CISSP SANS GSEC (Gold)
> craig reswob net
> -------------------------------
> An economist is an expert who will know tomorrow why the things he predicted
> yesterday didn't happen today. - Laurence J. Peter
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org