Raising Awareness on VoIP System Attacks
Raising Awareness on VoIP System Attacks
September 2008 Jason Ostrom of VoIP Hopper on Saturday plans to release his next-generation VoIP sniffer at Toorcon in San Diego to help raise awareness of the type of vulnerabilities businesses face as they adopt unified communications (UC) technology. He told CNET News that the tool, UCSniff, has two settings. One is a learning mode, sniffing all the IP traffic then mapping telephone extensions to specific addresses. By default, it is capturing all the calls and saving them to wave files. The other setting is a bit more creepy: targeting conversations. After learning the IP addresses of the phone system, someone using UCSniff can listen to all the VoIP, or voice over Internet Protocol, conversations made by a specific user, say the CEO. That's user mode. A second mode, conversation mode, allows someone to monitor calls made exclusively between two extensions, say only when the CEO calls the CFO. "So it's like dynamic ARP poisoning," Ostrom explained, referring to Address Resolution Protocol spoofing. "The tool, on the fly, figures out how to do the ARP poisoning for you so you're not intercepting the traffic of phones that you do not want to intercept." By Robert Vamosi
Computer and Internet Security news provided here represents global independent resources. The information represented here is © by the stated author.
