[VOIPSEC] Fwd: SIPVicious v0.2.3 supports SRV DNS records and Fingerprinting
Diana Cionoiu
diana-liste at voip.null.ro
Mon Mar 1 22:48:31 GMT 2010
Hi all,
Seems that sipvicicious has a significant bug.
Someone tried to attack a Yate server using it.
The svmap like tool worked very well and found our server.
However the svwar doesn't work with Yate. Because Yate is not as stupid
as Asterisk to answer with 404 when it should answer 401.
sipvicious somehow uses a multithreaded system or was made somehow
multithreaded and somehow it ended up looping with registration requests.
Diana
P.S. A whitehat work can always be used by a blackhat guy.
Shawn Merdinger wrote:
> fyi
>
> --scm
>
> ---------- Forwarded message ----------
> From: publists at enablesecurity.com
> Date: 3 Jun 2008 12:13:13 -0000
> Subject: SIPVicious v0.2.3 supports SRV DNS records and Fingerprinting
> To: pen-test at securityfocus.com
>
> My project SIPVicious v0.2.3 now supports the SRV records and
> fingerprinting. If you would like to give it a try:
>
>
> http://sipvicious.googlecode.com/files/sipvicious-0.2.3.tar.gz
>
>
> This is a beta version and definitely needs testing. So if you come
> across any bugs, send me a report.
>
>
> For SRV record support you will need to have dnspython from:
>
> http://www.dnspython.org
>
>
>
> Sandro Gauci
>
>
> h
> http://enablesecurity.com/
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes
> in Securing Web Applications
> Find out now! Get Webinar Recording and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
More information about the Voipsec
mailing list