Penetration Testing: Re: Voice over IP

[Andreas Östling <andreaso () it su se>]

On Thursday 14 June 2001 17:47,  Young, Brandon wrote:
...
> A couple of colleagues and I are working on a security audit for a
> VOIP system. Anyone know of any exploits and vulnerabilities that may
> exist with Cisco's call manager? 
...

You may want to check out a tool by Niels Provos called "vomit" - voice over 
misconfigured internet telephones.
It's available from http://www.monkey.org/~provos/vomit/

"The vomit utility converts a Cisco IP phone conversation into a wave file 
that can be played with ordinary sound players. The phone conversation can 
either be played directly from the network or from a tcpdump output file. 
Vomit is also capable of inserting wavefiles into ongoing telephone 
conversations. Vomit can be used as a network debugging tool, a speaker 
phone, etc ..."

Have not tried it myself, yet.

Regards,
Andreas Östling