[VOIPSEC] Anyone know of a hosted service for scanning security of SIP services?

Justin Goldberg jgoldberg at djj-ntl.com
Thu Apr 28 12:38:27 BST 2011


Some SIP providers lock down the SIP IP PBX to a certain IP address.
 Especially, it seems, providers that originated in the TDM world and seem
to be stuck in the TDM mindset.  I could imagine a wily hacker could spoof
the address if he hacked into a carrier's router, although I haven't heard
of actual cases where this has happened.

Justin Goldberg

DJJ Technologies
*jgoldberg at goDJJ.com*
Direct (678) 317-9023
Mobile (504) 208-1158
http://twitter.com/justingoldberg



On Thu, Apr 28, 2011 at 7:00 AM, <voipsec-request at voipsa.org> wrote:

> Send Voipsec mailing list submissions to
>        voipsec at voipsa.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> or, via email, send a message with subject or body 'help' to
>        voipsec-request at voipsa.org
>
> You can reach the person managing the list at
>        voipsec-owner at voipsa.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Voipsec digest..."
>
>
> Today's Topics:
>
>   1. Anyone know of a hosted service for scanning security of  SIP
>      services? (Dan York)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 27 Apr 2011 11:39:58 -0400
> From: Dan York <dyork at voxeo.com>
> To: VoIP Sec <voipsec at voipsa.org>
> Subject: [VOIPSEC] Anyone know of a hosted service for scanning
>        security of     SIP services?
> Message-ID: <D21513D0-DACC-48B5-8CFF-C73B24315B9B at voxeo.com>
> Content-Type: text/plain;       charset=us-ascii
>
> VOIPSEC members,
>
> Here at SIPNOC this week, one of the attendees asked me if there was a
> hosted service that could test the security of a SIP server.  Something like
> the port scanning services like "Shields Up" (
> http://en.wikipedia.org/wiki/Shields_Up ) and the many other similar
> services.
>
> The person asking was from a service provider who is selling SIP
> connectivity to small businesses with IP-PBXs.  Many of these small
> businesses don't have IT staff (and perhaps have purchased their IP-PBX from
> a big box store, online, etc.).  Those SMBs don't know anything about
> security.  He was wondering if there was any service he could direct his
> customers to where they could just go and get a scan of their
> externally-exposed SIP connections.
>
> I haven't heard of one... but this does seem like a cool service that
> someone could offer.  Anyone heard of one?  (Anyone going to write one after
> this message?  ;-)
>
> Dan
>
> --
> Dan York, CISSP, Director of Conversations
> Voxeo Corporation   http://www.voxeo.com  dyork at voxeo.com
> Phone: +1-407-455-5859  skype: danyork  sip:dyork at voxeo.com
>
> Join the Voxeo conversation:
> Blogs: http://blogs.voxeo.com
> Twitter: http://twitter.com/voxeo  http://twitter.com/danyork
> Facebook: http://www.facebook.com/voxeo
>
>
>
> ------------------------------
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
> End of Voipsec Digest, Vol 75, Issue 7
> **************************************
>


More information about the Voipsec mailing list