[asterisk-users] Security tests

Steve Totaro stotaro at first-notification.com
Fri Apr 23 20:38:49 CDT 2010


On Fri, Apr 23, 2010 at 9:14 PM, Daniel Bareiro <daniel-listas at gmx.net> wrote:

>
> On Thursday, April 22, 2010 at 14:33:01 -0300,
> Philipp von Klitzing wrote:
>
> > Hi!
>
> Hi, Philipp.
>
> >> But it draws attention to me between the PC with softphone and the
> >> telephone I see traffic ARP or ICMP that could make to try between
> >> the equipment but does not see RTP. Is there some special
> >> consideration that it must to observe?
>
> > Your English is seriously twisted, making your question impossible to
> > understand. My feeling is that you have used a machine translation
> > service.
> >
> > Your question is probably:
> > "I can see ARP and ICMP, but not RTP, what am I missing?"
>
> Perhaps it was not very clear, but yes, I was talking about this. I
> believe that I found the cause of the problem. The cause by which I was
> not seeing VoIP traffic between 10.1.0.38 and 10.1.0.65 is because there
> is no direct traffic among them but that is between each party and the
> Asterisk server :-) So using ettercap with the IP of Asterisk server and
> 10.1.0.65 I can now capture and play calls from this IP to 10.1.0.38 or
> vice versa.
>
> But I'm noticing that playing from Wireshark it can be heard delayed. Is
> it normal to happen?
>
> On the other hand, I had to change the order of preference of the codecs
> in the sip.conf so that G711 is preferred over GSM, because it was
> configured in a reverse order of preference and I see that the RTP
> player of Wireshark does not support GSM. Do you know any
> way to play GSM directly from the captured packets?
>
> > How did you place your virtual "listening" machine into the network,
> > is it connected to an old hub, or a switch, or the mirroring port of a
> > switch, or does it use the same NIC (and computer) as the softphone?
> > You will first need to get "in between" the two endpoints in order to
> > be able to capture that point-to-point RTP traffic - there are
> > "normal" and "malicious" ways to achieve that.
>
> I have a switch that connects to the phone (10.1.0.38), PC with
> softphone (10.1.0.65), the Asterisk server and a VMHost that has the
> virtual machine where I use ettercap and tcpdump.
>
>
> Thanks for your reply.
>
> Regards,
> Daniel
>
>
>
Check out *Cain* & *Abel* http://www.oxid.it/ and OrecX
http://www.orecx.com/web/products-orekagpl.php.  Oreka will run just fine on
your Asterisk box.

I am not sure what kind of security audit you are trying to do.  What you
propose is simple and simply the way things work; it is not security.

Thanks,
Steve T