TryPot2 (November 30, 1999 at 12:00 am)

Absolutely not!Most of the attacks in the video use perfectly legal VoIP protocol messages, a standard Firewall (windows or otherwise) does little to block these messages.

haccduder (November 30, 1999 at 12:00 am)

Loved the demo. I'm actually putting together a presentation about VoIP security issues for a class, but to actually see a few attacks carried out and the ease in which some were done really peaks my curiosity on the issue.

blancoh (November 30, 1999 at 12:00 am)

why would it be the last thing a hacker thinks about? Eavesdropping on corporate secret conversations seems well worthy of doing. Remember statistically speaking most hacks are done internally possibly by employees themselves. To say this is the last thing a malicious person shows your ignorance. This video shows a real threat to businesses worldwide since the inception of VOIP.

gurudeveloper (November 30, 1999 at 12:00 am)

1. "planting a trojan" == sitting on router. 2. "planting a trojan" is a threat itself , if a host compromised and there is a trojan, voip is one of the last things you should think about.

TryPot2 (November 30, 1999 at 12:00 am)

Not all of the threats I demonstrate require capturing sniffer traces, but yes I could make a video based on monitoring email. This is a risk which is exactly why sensitive email needs to be encrypted. The reason for the Video is to highlight the risks of VoIP, I do not claim that there are no solutions.

TryPot2 (November 30, 1999 at 12:00 am)

The assumption that you need to sit on your own router is wrong. Some of the attacks shown can be launched remotely. Even for those that require traffic monitoring can be done in other ways, for example planting a trojan on the target's computer. The point of this video is to illustrate just some of the security threats that face VoIP networks, there are others. As for the comment that this is for people who don't even know how SIP works in modern implementations, this is probably the majority.

AwardConsulting (November 30, 1999 at 12:00 am)

Very useful information. Thank you for sharing this with people. Look forward to having tools to protect VOIP traffic.

unaizu (November 30, 1999 at 12:00 am)

Hey I guess we are assuming a lot of things here.Come on, you could also make a video where you capture sniffer traces of all the private emails and transactions from a company.Going though the internet or a network doesn't mean that you can sniff all the traffic or inject traffic on it, there are plenty of methods to avoid this happening!of course if someone doesn't configure the right security levels I guess is digging his/her own grave :).

gurudeveloper (November 30, 1999 at 12:00 am)

Bullshit, you need to sit on router to perfom all those tricks , and if your router compromised , voip is the last thing you should think about.This video affects those people who doesn't know how SIP works in modern implementations (Asterisk, SER, Cisco etc). Damn! they even doesn't know how switches work..

TryPot2 (November 30, 1999 at 12:00 am)

The demos shown in the video use my own sip testing tools. These are not publicly available