Monday, July 27, 2009

How law enforcement sees VoIP

While browsing Wikileaks, I came across a document titled "An Overview of VOIP for Law Enforcement, 23 Dec 2008". It reads as a "VoIP explained" document for law enforcement , explaining the basics and the restrictions that law enforcement agencies have when it comes to VoIP. Here's a summary:
  • The difference between a traditional phone call and a VoIP phone call is discussed (signals and circuits versus packets)
  • With VoIP various devices may be used: software (softphones) installed on a pc, VoIP gateways and IP Phones
  • Discussion of caller id spoofing, how it makes it harder for LE to tell if the call is from a VoIP provider or a real number or not (anonymous calls)
  • Vishing, the act of phishing by involving VoIP
  • Actively tracing VoIP calls is almost impossible
  • 911 emergency calls or VoIP E911 is mentioned
  • There are 4 ways to identify VoIP usage: the Caller ID (which may be spoofed), Phone records (where tracing is similar to tracing the source of email), VoIP hardware (eg. phones connected to ethernet) and VoIP software
  • CALEA was updated in 2005 to cover VoIP providers so that LE to allow tapping, recording and tracing of phone calls
  • Due to the international nature of the Internet, if the provider is not US-based, then it does not have to comply with these laws or LE requests

Friday, July 17, 2009

Scan your public facing PBX with

Announcing, the SaaS Voice over IP Security scanner. If you're already familiar with SIPVicious, then you can guess what this tool does. This online tool makes it easier than ever to check if the Asterisk box you just installed, or most other SIP PBX servers, is misconfigured and contains weak credentials. Attackers on the 'net are already doing this for their own benefit, don't wait until they hit your PBX!

Using this tool consists of the following steps:
  1. Register an account and buy credit (or use the time limited promo SIPV to get some for free)
  2. Enter the IP address of your PBX server and scan away
  3. Receive a report by email that shows the findings

How does it work really? is making use of the next generation of SIPVicious (2.0) in the background and right now it does the following automatically:
  1. Checks if an IP PBX is listening on the given address
  2. Does extension enumeration, just like svwar in SIPVicious
  3. For each extension found it starts a password cracking attack
  4. Generate a PDF report such as this one
Any feedback or affiliate requests, contact me.