Thursday, November 22, 2007

SIPtap (A Proof of Concept Tool), Taps into SIP Based VoIP Calls Records Them.

I have mentioned security issues involving VoIP IP Telephony as close as few weeks ago as well as two years ago!
Today I hear and see another side of it. Proof of concept of wire tapping and recording of VoIP conversations. The Proof of concept tool called SIPtap is able to monitor multiple Voice-over-IP calls in SIP, listen and record them. for remote inspection as .wav files. The tool could be deployed on client side or in the middle man domain, ISP.
The creator of Proof of concept tool
is Peter Cox, who co-founded firewall vendor BorderWare. He since left BoderWare to start his own VoIP company, so far only known as VoIPCode.org. (The last time I checked, the domain is still registered under Borderware.
The site offers a few stepping stones into the security world of VoIP,
VoIP Security Threats (Video Podcast) which is playable below.
A VoIP Threat Taxonomy (White Papaer) (Which is different from what I reported here from VOIPSA, two years ago.)
Asterisk SIP Registration Vulnetabilities and Limitations(White Papaer)
But I am most interest in " Asterisk SIP Registration Vulnetabilities and Limitations" which I am yet to digest.
All could be accessed from the link below.


Peter also has a seminar analyses the threats facing VoIP networks and includes practical demonstartions of many of the threats described in the above white paper collection. It is a 3 day course.
Get more information at VoIPCode.ORG.

0 comments:

Blog Widget by LinkWithin