[VOIPSEC] voipscanner.com in beta - SaaS VoIP Security Scanning
publists at enablesecurity.com
Tue Apr 7 16:43:45 BST 2009
On Tue, Apr 7, 2009 at 5:27 PM, Dustin D. Trammell
<dtrammell at breakingpoint.com> wrote:
> On Tue, 2009-04-07 at 16:34 +0200, Sandro Gauci wrote:
> Waiting for my "beta code" now. How do you determine that I am not an
> "evil entity"?
Philosophical issues apart - I'm doing that the manual way at this
stage. It does not scale very well, but seems to be the safest for now
(although I can imagine a few social engineering attacks ;-).
> I.e., what prevents me, as an attacker, using this service to scan
> someone else's PBX to do my reconnaissance for me? How shall I be
> restricted to IP space that I'm authorized to scan, and how is this
An attacker would have to have received the "beta code". There is no
restriction on IP address space currently but would be interested in
your suggestions on this one. As an extra precaution I'm actively
monitoring the service to detect abuse.
Abuse is definitely not an easy issue to solve..
More information about the Voipsec