Results 1 to 4 of 4

Thread: Expert's help needed

  1. #1
    Just burned his ISO
    Join Date
    May 2010
    Posts
    2

    Default Expert's help needed

    Hi,

    I just joined this forum and was reading some posts. I see most of the members in expert forum can give valuable suggestions which can be beneficial for me. I believe your advanced level knowledge to guide me.

    Actually I am doing a masters level project at university. The topic I selected (by mistake, because I was not aware that this will be very tough for me) was Security issues and their mitigation for long distance calling in VoIP.

    I have done research work, have found good material, but everything is just theoretical rather that practical.

    What I want, to make a small scenario of hacking, and then show some solution to prevent that. And I have only 3 computers in my home which I can use for this project and I do not have access to any lab or some big VoIP infrastructure. I have broadband in my house hence one wireless router with 3 ethernet ports as well.

    All the literature review just show that you should use this kind of hardware, this kind of software, use ACL, ALG etc etc.............. but I think I can only use that If I have access to some big VoIP infrastructure. then I can create hacking scenario and then solution as well. I mean I can use some tools to diagnose and can put the screen shots into my dissertation.

    But as I told, I need to do in home network, want to show a small scenario of ANY voip security issue (one or two security problems) and then show some solution to prevent them.

    I have a big big hope that you will be able to guide me in right direction that how I should proceed. I have completed research work but nothing about implementation and I need to submit on 2nd June 2010.

    Even if there is some way that I can show some scenario/drawback in VoIP using BT, and then show some preventive measures for that, attach screenshots and give some details, it will be allright.

    If some expert member have some good books or articals, please guide me with the link so that I can get benefit from them.

    I will really appreciate your favor and concern and help so that I can pass my project.

    Hoping for your reply.

    Regards,

    If this is not related quesiton with expert forum, then I do apologize and will not post any further post like this on the expert forum. I will then start from the scratch with the beginners forum.

  2. #2
    Moderator fancy's Avatar
    Join Date
    Jan 2010
    Posts
    204

    Default Re: Expert's help needed

    Please use a more descriptive title for your post!!

  3. #3
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default Re: Expert's help needed

    If I am reading what you are asking for correctly, you want to do something similar to the following:

    Use PC1 and PC2 as VoIP conversation people. Use PC3 as your backtrack attacker. Kick off a MiTM from PC3 to intercept traffic between PC1 and PC2, then use a tool like ucsniff to intercept it.

    Assuming the broad terms are correct, some possible preventions of intercepting VoIP traffic are:

    * VoIP-specific VPN technology (i.e. run a VPN from your VoIP box or a piece of hardware directly attached to it to your VoIP-to-PSTN gateway)
    * SSL connections between VoIP client and VoIP server
    * SSL connections between VoIP clients (direct attach - IIRC iChat does this)
    * Properly secured SSL certificates

    There are probably others. Basically VoIP is just normal network traffic - if it's not locked down with a VPN, SSL, PKI or some other encryption technology (SSH) it's more than likely intercept-able and breakable. Networking 101.
    Last edited by Gitsnik; 05-19-2010 at 07:12 AM. Reason: My bb-code-fu is really weak with lists
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  4. #4
    Just burned his ISO
    Join Date
    May 2010
    Posts
    2

    Default

    Quote Originally Posted by fancy View Post
    Please use a more descriptive title for your post!!
    Sorry. I have checked all the options but cannot find any option to edit the title. Next time I will be careful to avoid more penalties.

    Regards,

    Quote Originally Posted by Gitsnik View Post
    If I am reading what you are asking for correctly, you want to do something similar to the following:

    Use PC1 and PC2 as VoIP conversation people. Use PC3 as your backtrack attacker. Kick off a MiTM from PC3 to intercept traffic between PC1 and PC2, then use a tool like ucsniff to intercept it.

    Assuming the broad terms are correct, some possible preventions of intercepting VoIP traffic are:

    * VoIP-specific VPN technology (i.e. run a VPN from your VoIP box or a piece of hardware directly attached to it to your VoIP-to-PSTN gateway)
    * SSL connections between VoIP client and VoIP server
    * SSL connections between VoIP clients (direct attach - IIRC iChat does this)
    * Properly secured SSL certificates
    Thanks for your reply,

    They all exist in theory but how can I do SSL at home level ?
    Is it easy to show with me?

    Regards,
    Last edited by Archangel-Amael; 05-19-2010 at 01:04 PM.

Similar Threads

  1. Help needed on installing BT4 to HDD
    By noname640 in forum OLD Newbie Area
    Replies: 5
    Last Post: 12-26-2009, 05:19 PM
  2. Help needed plz...
    By darkshad0w in forum OLD BackTrack 4 General Support
    Replies: 1
    Last Post: 09-16-2009, 06:24 AM
  3. Help needed
    By Mugger in forum OLD General IT Discussion
    Replies: 15
    Last Post: 01-17-2008, 02:44 AM
  4. How many IV's needed when PTW method used ?
    By Ramzi in forum OLD Newbie Area
    Replies: 9
    Last Post: 11-02-2007, 02:46 PM
  5. Help needed
    By jun-jin in forum OLD Newbie Area
    Replies: 17
    Last Post: 09-01-2007, 07:11 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •