[VOIPSEC] running pentest on cisco voip
Dan York
dyork at voxeo.com
Thu Jan 31 14:22:46 CST 2008
Davide,
> I'm sure I'm running the MITM between the 2 phones...
Obviously you *are* based on the info below! ;-)
> On my Customer network, the IP-Phones are talking RTP (not SIP) and
> the call setup is done via SKINNY.
Sure... I forgot that your note said the call control was Skinny vs
SIP. The diagram is still basically the same... and is generally
true for most of the VoIP protocols out there. Call control
signaling (SIP, Skinny or otherwise) goes between the phones and the
call server while media (almost always RTP) goes directly from one
phone to the other. Some systems can be set up to have the media go
back through a media gateway in more of a "star" configuration but
most VoIP systems I'm aware of do have the endpoints (like IP phones)
streaming directly point-to-point (assuming they are on the same LAN/
WAN).
> Today I managed to perform a successful attack, with Windows, this
> way:
Interesting.
> So, in the end... the procedure I followed with voiphopper and
> ettercap seems to be the correct one...
> Does anybody know a procedure on Linux to re-load/re-initialize
> libpcap??
I don't. It's admittedly been a year or two since I did any serious
usage of sniffing tools on Linux. (And I'm a Mac user now.)
Regards,
Dan
--
Dan York, CISSP, Director of Emerging Communication Technology
Office of the CTO Voxeo Corporation dyork at voxeo.com
Phone: +1-407-455-5859 Skype: danyork http://www.voxeo.com
Blogs: http://blogs.voxeo.com http://www.disruptivetelephony.com
Bring your web applications to the phone.
Find out how at http://evolution.voxeo.com
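
Added example, not part of the original message: a review of capture records that separates the signaling leg (phone to call server) from the media leg described in the reply above and labels each RTP path as direct or via a gateway, which shows which segments carry unprotected voice. The addresses, the sample packets, the helper names and the default ports (Skinny on TCP 2000, SIP on 5060) are constructed assumptions.

```python
import struct
from collections import defaultdict

# Default signaling ports (assumption: the deployment has not changed them).
SIGNALING_PORTS = {2000: "Skinny", 5060: "SIP"}

def parse_rtp(payload):
    """Return (payload_type, seq, ssrc) if the bytes look like RTP v2, else None."""
    if len(payload) < 12:                      # fixed RTP header is 12 bytes
        return None
    b0, b1, seq, _ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if b0 >> 6 != 2:                           # version field must be 2 (heuristic only)
        return None
    return b1 & 0x7F, seq, ssrc

def map_voip_paths(packets):
    """packets: (proto, src, sport, dst, dport, payload) tuples from a capture."""
    phones_by_server = defaultdict(set)
    media_pairs = set()
    for proto, src, _sport, dst, dport, payload in packets:
        if proto == "tcp" and dport in SIGNALING_PORTS:
            phones_by_server[dst].add(src)     # phone -> call server
        elif proto == "udp" and parse_rtp(payload):
            media_pairs.add(tuple(sorted((src, dst))))
    phones = set().union(*phones_by_server.values())
    # Media is point-to-point only if both ends are phones seen in signaling.
    paths = {pair: "direct" if set(pair) <= phones else "via-gateway"
             for pair in media_pairs}
    return dict(phones_by_server), paths

def rtp(seq, ssrc, pt=0):
    """Build a constructed RTP packet: V=2, payload type 0 (PCMU), 160 audio bytes."""
    return struct.pack("!BBHII", 0x80, pt, seq, seq * 160, ssrc) + b"\xff" * 160

# Constructed sample: two phones, a call server (.5) and a media gateway (.9).
SAMPLE = [
    ("tcp", "10.0.0.11", 50001, "10.0.0.5", 2000, b""),
    ("tcp", "10.0.0.12", 50002, "10.0.0.5", 2000, b""),
    ("udp", "10.0.0.11", 16384, "10.0.0.12", 16386, rtp(1, 0xAAAA)),
    ("udp", "10.0.0.12", 16386, "10.0.0.11", 16384, rtp(1, 0xBBBB)),
    ("udp", "10.0.0.11", 16388, "10.0.0.9", 20000, rtp(1, 0xCCCC)),
    ("udp", "10.0.0.11", 53000, "10.0.0.1", 53, b"\x12\x34\x01\x00" + b"\x00" * 8),  # not RTP
]

if __name__ == "__main__":
    servers, paths = map_voip_paths(SAMPLE)
    print("signaling:", servers)
    print("media paths:", paths)
```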