Security Basics mailing list archives
Re: A different kind of security problem?
From: NewYork User <newyorkuser () gmail com>
Date: Wed, 20 Jul 2005 09:31:38 -0400
Keenan, If you guys are using Cisco, then there was a good article "Hacking Cisco IP Phones" in the Spring 2005 version of the 2600. One of the tricks that was described was similar to the problem you are having. How to change the music etc..Unfortunately, there is no electronic version of this. But you can find this book in Borders or B&N stores. Hope this helps On 7/18/05, Smith, Keenan C. <Keenan.Smith () jhuapl edu> wrote:
All, Okay, this is one that requires squinting your eyes a bit and turning your head to really be a security issue but if you stick with me, I think you'll see where I'm going with this one. A recently installed VOIP system in my company works well most of the time. However in a few cases, we've heard music on the line that was not being generated by either end. In one case, one of our VOIP phones was being used to access a bridge for a conference call. There were 15 or 20 folks on the call and at one point during the call loud rock music begin playing. The phone was hung up since voices could not be heard over the music. We found out later that not only had everyone else on the call hear the music but it ended when we disconnected from the call. In another case, one of our VOIP phones was being used to call a residential number. Again, towards the end of the call music begin playing. However, this time it was soft jazz. In both cases the music was not being generated by any of the participants and none were on hold so hold music was not the culprit. My thought is that we're experiencing a bleed through or cross-talk from other traffic on the same network hosting the VOIP traffic. If that is indeed the case, my question to the group at large is this: does that indicate a possible vulnerability of some sort in the protocols that support VOIP? Is this something that could be exploited to eavesdrop or even route a call to an unknown destination? I Googled for this but didn't find much about it. Thoughts? Keenan Smith
Current thread:
- A different kind of security problem? Smith, Keenan C. (Jul 19)
- Re: A different kind of security problem? NewYork User (Jul 20)
- <Possible follow-ups>
- RE: A different kind of security problem? Stephane Auger (Jul 20)
- RE: A different kind of security problem? Alan Greig (Jul 20)
- Re: A different kind of security problem? prod92a (Jul 21)
- Re: Re: A different kind of security problem? ayman_m_galal (Jul 21)
- Re: A different kind of security problem? bnottle (Jul 22)