Hi Jason,
Thank you for your comments, I appreciate it.
Indeed you are right, SIP runs on UDP on 5060. The TCP socket connection
only tests if the port responds. Do you think it would be better to use UDP?
I did think about adding 5061, but given the unfortunate fact that TLS is
hardly ever used, and also to make the scan faster, I left it out for the
time being. But I will add it in future versions.
Thanks! :)
Regards,
Sergio
-----Mensaje original-----
De: Jason Ross [mailto:algorythm_at_gmail.com]
Enviado el: Miércoles, 28 de Mayo de 2008 04:58 p.m.
Para: Sergio Castro
CC: pen-test_at_securityfocus.com
Asunto: Re: Sipflanker finds fulnerable Web GUIs deployed by IP phones and
PBXs
On Tue, May 27, 2008 at 4:00 PM,
Sergio Castro <sergio.castro_at_unicin.net> wrote:
>
> What the application does is search the range of IPs you specify, and
> checks if port 5060 is available. Whether open or close, port usually
> 5060 indicates the presence of a SIP device.
> Then it checks if port 80 (http) is open.
Looking through the code, it's a very decent start, and a good idea IMO.
One thing you may want to consider is that SIP generally runs on UDP/5060.
Your portscan.py script calls both port 80 and 5060 with AF_INET and
SOCK_STREAM which would mean TCP both times.
It may make sense to break the SIP scan out such that it checks for both UDP
and TCP port 5060 (and you may also want to add TCP/5061 to the mix, as
SIP/TLS generally uses that port.)
Other than that, like I said, a decent bit of work I think.
Regards,
Jason
__________ NOD32 3142 (20080528) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Received on May 28 2008
Intro
