[VOIPSEC] voipscanner.com in beta - SaaS VoIP Security Scanning

Sandro Gauci publists at enablesecurity.com
Tue Apr 7 10:43:45 CDT 2009


answers inline

On Tue, Apr 7, 2009 at 5:27 PM, Dustin D. Trammell
<dtrammell at breakingpoint.com> wrote:
> On Tue, 2009-04-07 at 16:34 +0200, Sandro Gauci wrote:
>
> Waiting for my "beta code" now.  How do you determine that I am not an
> "evil entity"?
>

Philosophical issues apart - I'm doing that the manual way at this
stage. It does not scale very well, but seems to be the safest for now
(although I can imagine a few social engineering attacks ;-).

> I.e., what prevents me, as an attacker, using this service to scan
> someone else's PBX to do my reconnaissance for me?  How shall I be
> restricted to IP space that I'm authorized to scan, and how is this
> determined?
>

An attacker would have to have received the "beta code". There is no
restriction on IP address space currently, but I would be interested in
your suggestions on this one. As an extra precaution I'm actively
monitoring the service to detect abuse.

Abuse is definitely not an easy issue to solve..

- sandro



