Title: Hello - new to this site and need a little help please
Post by: miss on November 10, 2010, 05:08:39 PM
Hi i just came on this site and it is really great. I am looking for some advice. I am in college and need to do a project. Hoping to do one on VOIP and set up an actual voip system and hope to use 3cx.
I would like to somehow 'hack' into the voip system or intrude and be able to show this and then provide a solution or show i solved this security threat. I am a total newbie to this kind of area so any help or guidance is REALLY appreciated. Apologies if i haven't posted this in the right section.
Title: Re: Hello - new to this site and need a little help please
Post by: sil on November 10, 2010, 06:23:35 PM
What have you tried so far? How far have you gotten? What is your approach to this? How much do you know/understand about VoIP?
VoIP as a service is no different than email. Most "VoIP" in the sense of SIP registrations and or trunking is no different. There is going to be a username, password and registrar.
With this said there are two attack vectors to think about. The registrar and the end user. Attacking an end user yields you the ability to see/hear voicemail, place calls, etc. usually, these will have limited access/resources to do much via configurations
Attacking the registrar is no different than attacking any system. You're after administrative/root privileges. What services are running on the machine, are they vulnerable, if so, how. What can you gather/own/etc. That's all I'm willing to share right now. You have a baseline/framework to think about/work with. Guess I could supply more (http://secunia.com/advisories/22480) but as stated, this should give you enough to work with