[Asterisk-Users] Cordless vs Wireless phones

Giles Scott gscott at scott.swiftserve.net
Tue Nov 9 05:18:07 MST 2004


Hi

I did some testing with AirCrack against a Senao si-7800 and an AP (WEP 
128bit key).
Aircrack cracked the 128bit WEP key after 20 minutes. (there was a 
continuous voice call going on during that period).

Senao Wifi phones leak weak IVs once a minute or so (Airsnort would take 
days to crack the key).

Also, running Nessus (http://www.nessus.org) against the phones shows several 
vulnerabilities:

ZyXEL P-2000(version WJ.00.0f);
1. WEP implementation is poor. The phone I have sends out WEP packets with 
the IV always set to 0x000000 (not from Nessus)
2. Vulnerable to 'Etherleak'
3. Answers TCP packets sent from multicast address (spank)
4. Does not discard TCP SYN packets with FIN flag set.

Senao SI-7800 (version 0.03.0004 date 2004.10.07)
same as above plus;
1. WEP leaks weak IVs (not from Nessus)
2. TCP sequence number prediction very poor - Class=64K, Difficulty=1 
(Trivial Joke)
3. Responds to ICMP timestamp request
4. The phone crashed during extended tests, so unable to complete Nessus 
scan.

Grandstream BT-101's don't do very well either, but I posted a message to the 
support department. If I don't hear back I'll post the results. They are not 
so much of a risk as they are on the wired side.

Cheers

Giles
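
Added example, not part of the original post: one way to check per-frame WEP headers for the two IV faults reported above, a fixed IV (the P-2000's 0x000000) and IVs of the classic FMS weak form. The sample headers are constructed rather than captured, and the function and variable names are illustrative.

```python
from collections import Counter

KEY_BYTES = 13  # "128-bit" WEP = 104-bit secret key + 24-bit IV

def wep_iv(header: bytes) -> bytes:
    """Return the 3-byte IV from the 4-byte WEP header (IV[3] + key-ID byte)."""
    if len(header) < 4:
        raise ValueError("WEP header is 4 bytes: IV[3] + key ID[1]")
    return bytes(header[:3])

def is_fms_weak(iv: bytes, key_bytes: int = KEY_BYTES) -> bool:
    """Classic FMS form (B+3, 0xFF, X), where B indexes a secret key byte."""
    return 3 <= iv[0] < 3 + key_bytes and iv[1] == 0xFF

def audit_ivs(headers):
    """Summarise the IV behaviour of one transmitter."""
    ivs = [wep_iv(h) for h in headers]
    counts = Counter(ivs)
    top_iv, _ = counts.most_common(1)[0] if ivs else (b"", 0)
    return {
        "frames": len(ivs),
        "distinct_ivs": len(counts),
        "reused_frames": len(ivs) - len(counts),  # frames repeating an earlier IV
        "constant_iv": len(ivs) > 1 and len(counts) == 1,
        "fms_weak_frames": sum(is_fms_weak(iv) for iv in ivs),
        "top_iv": top_iv.hex(),
    }

# Constructed samples (not captured traffic): one 4-byte WEP header per frame.
FIXED_IV_PHONE = [bytes.fromhex("00000000")] * 6
LEAKY_PHONE = [bytes.fromhex(h) for h in (
    "03ff1c00", "a1b2c300", "04ff7700", "a1b2c400", "0fff0100", "a1b2c500")]
# Hypothetical well-behaved device: unique IVs, none of the weak form.
FILTERING_PHONE = [bytes([0x10, i, 0x20, 0x00]) for i in range(6)]

if __name__ == "__main__":
    for name, sample in (("fixed IV", FIXED_IV_PHONE),
                         ("leaks weak IVs", LEAKY_PHONE),
                         ("filters weak IVs", FILTERING_PHONE)):
        print(f"{name:18} {audit_ivs(sample)}")
```

A constant IV means every frame is encrypted with the same RC4 keystream, so it is flagged separately from the weak-IV count.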





----- Original Message ----- 
From: "Harry McGregor" <hmcgregor at espri.arizona.edu>
To: "Asterisk Users Mailing List - Non-Commercial Discussion" 
<asterisk-users at lists.digium.com>
Sent: Monday, November 08, 2004 11:14 PM
Subject: RE: [Asterisk-Users] Cordless vs Wireless phones


> On Mon, 2004-11-08 at 16:27 -0600, Michael Giagnocavo wrote:
>> >The WiSIP phone supports WEP 128 encryption. Not sure if it supports WPA
>> >encryption, but that'd be your best bet. I'd use maximum encryption, and
>> >separate your AP from your regular network. Just plug an AP into another
>> >Ethernet card on your Asterisk server. The phones only need to talk to
>> >the Asterisk server, no internet access or anything else. So even if
>> >somebody spent the time it'd take to break the encryption, they don't get
>> >internet or access to workstation or servers or anything.
>>
>> WEP is quite broken. Probably not even worth enabling, even with 128-bit
>> key lengths. Then again, if they are using analog cordless phones, those
>> are probably purely unencrypted, so it's pretty much the same.
>
> WEP is not as broken as you might think, it takes a fair amount of time
> and traffic to break.  It is also a statement of "this network is not for
> you", and thus you have a far better claim at breaking and entering than
> you do without WEP.
>
> Think of it as a dinky little $0.50 padlock on your storage shed.  If a
> thief cuts the lock, they are in a lot more trouble than just opening
> the door.
>
> Separate WLAN (ie not with your normal phones, and not with your
> workstations), and WEP (even 64 bit) will keep people out of it.  Not
> having a default route as well will help if they do break in, and MAC
> address locking on the AP is another good one to use.
>
> All of these together, like car thieves, will drive the person on to the
> next AP, instead of working on breaking into yours.
>
> Harry
>
>> -Michael
>>
>> -----Original Message-----
>> From: asterisk-users-bounces at lists.digium.com
>> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Kubat, 
>> Philip
>> Sent: Monday, November 08, 2004 2:19 PM
>> To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
>> Subject: [Asterisk-Users] Cordless vs Wireless phones
>>
>> We currently have an Asterisk installation and need to add cordless /
>> wireless phones.  Requirements are these phones need to be equals to the
>> "wired" devices, i.e. dedicated buttons for hold, transfer, etc., e.g.
>> not an ATA connected analog phone cordless phone.  Was thinking of using
>> 802.11b SIP phones (etc), but this opens up all the security concerns of
>> 802.11 and the network.  Do any of these phones support VPNs?   Have to
>> isolate the WLAN from the LAN.
>>
>> If not is there a SIP (or any other Asterisk channel) device that is a
>> "cordless  phone".  Some things like combining an ATA w/a cordless phone?
>> But as one device with all the "digital" features?
>>
>> Thanks!
>> Phil
>>
>> _______________________________________________
>> Asterisk-Users mailing list
>> Asterisk-Users at lists.digium.com
>> http://lists.digium.com/mailman/listinfo/asterisk-users
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-users
>>
> -- 
> Harry McGregor, Computing Manager
> Tucson Support Group - U.S. Geological Survey
> University of Arizona - Environment and Natural Resource Building
> 520-670-5574 (office) - hmcgregor at espri.arizona.edu
> 520-661-7875 (Cell) - hmcgregor at usgs.gov
>
> The opinions/statements expressed herein are my own and should
> not be taken as a position, opinion, or endorsement of the
> University of Arizona or the U.S. Geological Survey.
> 



