Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Pen Testing a PBX (Northern Telecom Meridian-1)
From: Volker Tanger <vtlists () wyae de>
Date: Thu, 8 Sep 2005 09:39:44 +0200

Good morning (at least over here)!

On 7 Sep 2005 16:00:48 -0000
mmarrero () lloydstsb-usa com wrote:

I am about to start a pentest of a PBX system. I was wondering if
there are any vulnerabilities against this make and model of PBX.
Also, does anyone know of a paper on how to appropriately conduct a
pentest. I do not want to miss anything. 

Take care not to break things - users are quite impatient with broken
telephony systems as the availability is experienced/expected with
five-9's (99,999%) and above - at least here in Germany. That's
completely different to computer systems from which people know and
accept that it does not work then and again.

Do you have to pen-test a cable-mode Meridian, an VoIP-based one? Are
there addidtional systems like Symphony or media gateway attached?

The Meridian has different interfaces (and IPs) for administration,
trunk/system connection, VoIP linkup etc. that behave quite differently
even in a base system. A complete media gateway usually is consisting of
multiple Windows and Solaris systems in addition to the Meridian base. 

One thing I remember that one IP interface (management or system
interconnect) was over-sensitive to broadcasts, thus connecting it
directly to an office network was a bad idea. I'm no longer sure wether
it locked up only that module or more parts of the Meridian - or if that
vulnerability still is existing.

Btw.: the system documentation is (was? status 2004) quite incorrect in
parts especially if concerning IP stuff, example: suggestion for a FW
rule to access *from* PC *to* Meridian (or Gateway) is suggested:
                from PC (src: tcp/0-65535) to System (dst: 22)
        *and*   from System (src: tcp/0-65535) to PC (dst: 22)
again: according to docs this for SSH access from PC to system alone.

See the other thread "Pentesting Telephone Systems" for generic TK
system pentesting hints. It is highly recommended to have a Meridian
expert in back office for questions and suggestions. Especially all the
options that often still can be accessed from a standard (system)
telephone is mindboggling and way above a standard PBX system. And that
is why there are abuses reported especially on mis- or
under-configured/administrated Meridians.

Good luck!



Volker Tanger    http://www.wyae.de/volker.tanger/
vtlists () wyae de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB

Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]