[VOIPSEC] VoIP Testing
S
sp.loves at gmail.com
Tue Sep 25 23:01:32 CDT 2007
Bincy,
I am guessing your question relates to security testing.
Before I answer, here is my disclaimer. My response is to help spread
knowledge about security testing in the hopes that it will be used in
a legal
and ethical way. If you use my response for any purpose, it is your
responsibility.Now..... :)
There are millions of things you can do to test VoIP for security. And
then there are thousands to test IP phones.
A good reference is to read Hacking Exposed by Endler and Collier. It
came out sometime last year Nov, so... many of the techniques
described are
pretty new.
Just like testing for any data network or equipment, VoIPsec testing
involves 2 parts: scanning and attacking.
Scanning involves scanning a
terminal/equipment/node/switch/etc....using
tools/scripts/softwares/etc and checking for open & closed ports,
possible
vulnerabilities. It also involves checking and documenting strengths
of a system. There are several resources available to perform this
part of the
testing. There are freewares and purchased wares.
The second part is attacking. There are again 2 parts to this.
Legitimate attacks and illegitimate attacks. Legitimate attacks for
example involve
sending abundant legit traffic to say an IP phone and see how the IP
phone reacts. Such traffic is usually not blocked by any VoIP gear
unless
bandwidth protection is provided. Illegit traffic consists of sending
illegit traffic (duh!) for example: pingflood, synflood,etc....
If you want to start testing for VOIP, a good place to start is
performing scans. Since this area is fairly new, you would obtain good
reading material
from blogs, articles etc...instead of a proper book (not that you
won't find any if you look).
Good Luck. Keep posting and keep the community informed.
----XAT----
------------------------------------------------------------------------------------------
Hello,
Could anyone pleasea give brief introduction about voip testing..
What all things have to look into ,when testing a IP phone using H.323
and SIP protocol.
Thanks & Regards
Bincy K Philip
More information about the Voipsec
mailing list