[Asterisk-Dev] OMG THE SKY IS FALLING!! NOT!!!

Peter Braidwood Peter at braidwood.co.uk
Sat May 15 15:49:40 MST 2004


Switched networks offer no real protection just a feeling of security which can be more dangerous. 

You do not have to be a 'network admin' to sniff traffic in a switched network environment, even the 'Willy' in the post room can sniff the traffic by downloading and using some fairly simple tools.

Download http://ettercap.sourceforge.net and have a go at your own network if you are not convinced.

Peter

-----Original Message-----
From: Sam Bingner [mailto:sam at bingner.com]
Sent: 15 May 2004 11:37 PM
To: asterisk-dev at lists.digium.com
Subject: RE: [Asterisk-Dev] OMG THE SKY IS FALLING!! NOT!!!


True it's very weak, BUT if you read this article it sounds like anybody
in the world can listen to any call they like...

>What sorts of vulnerabilities exist? Let's start with the basics. Because
>most VOIP traffic over the Internet is unencrypted, anyone with network
>access can listen in on conversations. That means Willy in the mailroom
>can overhear your CEO and HR director discuss the latest round of
layoffs.

That, unless you have a REALLY AWFUL network is completely incorrect.  You
can only see that traffic when in a non-switched network, and when you
happen to be on the same subnet.  Most places now use switches, so unless
you are able to get into the switch config, you can't see what is going
on.   This means that in practice, only your network admins will really be
able to snoop on phone calls...


________________________________________________________________________
This email has been scanned for all viruses by the Star Internet Virus Screen.
The service is provided in partnership with MessageLabs, the email security company.
For more information on a higher level of virus protection visit www.star.net.uk
________________________________________________________________________



More information about the asterisk-dev mailing list