Comments on: SIPtap Hysteria http://mrblog.org/2007/11/23/siptap-hysteria/ Mr Blog. Very technical, or silly, sometimes absurd. Wed, 16 May 2012 18:11:13 +0000 hourly 1 http://wordpress.org/?v= By: sandro gauci http://mrblog.org/2007/11/23/siptap-hysteria/comment-page-1/#comment-783 sandro gauci Tue, 27 Nov 2007 21:35:44 +0000 http://mrblog.televolution.net/?p=361#comment-783 s/arp spoofing/arp poisoning/ <br /> <br /> re getting access to the POTS .. yea thats probably possible as well.. and might be easier to do than most network-based attacks if the network is configured correctly ;) s/arp spoofing/arp poisoning/

re getting access to the POTS .. yea thats probably possible as well.. and might be easier to do than most network-based attacks if the network is configured correctly ;)

]]> By: Hadriel http://mrblog.org/2007/11/23/siptap-hysteria/comment-page-1/#comment-782 Hadriel Tue, 27 Nov 2007 20:06:32 +0000 http://mrblog.televolution.net/?p=361#comment-782 Tell me how you doing ARP spoofing can let you wiretap my voip phone calls. Unless you're on my local LAN, you can't. And unless you're in the range of my wireless LAN and I decide to leave it unencrypted, you can't sniff my calls there either. If you're able to get access to those, you're probably able to get access to the POTS lines that ran from my legacy phone too, and that was tappable.<br /> <br /> Again, this isn't a surprise, new, or rocket science. HTTP, POP3, SMTP, Telnet, etc. are all exposed to sniffing unless they are explicitly protected too (e.g., through SSL/TLS, SSH, etc.). Tell me how you doing ARP spoofing can let you wiretap my voip phone calls. Unless you’re on my local LAN, you can’t. And unless you’re in the range of my wireless LAN and I decide to leave it unencrypted, you can’t sniff my calls there either. If you’re able to get access to those, you’re probably able to get access to the POTS lines that ran from my legacy phone too, and that was tappable.

Again, this isn’t a surprise, new, or rocket science. HTTP, POP3, SMTP, Telnet, etc. are all exposed to sniffing unless they are explicitly protected too (e.g., through SSL/TLS, SSH, etc.).

]]> By: sandro gauci http://mrblog.org/2007/11/23/siptap-hysteria/comment-page-1/#comment-781 sandro gauci Mon, 26 Nov 2007 10:44:50 +0000 http://mrblog.televolution.net/?p=361#comment-781 I agree that this is old news and definitely not as easy as the author of the tool claims it to be. <br /> <br /> But do keep in mind technologies such as wireless and attacks such as arp spoofing and how they relate to VoIP wiretapping ;)<br /> <br /> ive been commenting on this on my blog http://sipvicious.org/ btw I agree that this is old news and definitely not as easy as the author of the tool claims it to be.

But do keep in mind technologies such as wireless and attacks such as arp spoofing and how they relate to VoIP wiretapping ;)

ive been commenting on this on my blog http://sipvicious.org/ btw

]]> By: Hannes http://mrblog.org/2007/11/23/siptap-hysteria/comment-page-1/#comment-780 Hannes Sun, 25 Nov 2007 19:52:45 +0000 http://mrblog.televolution.net/?p=361#comment-780 Indeed it is silly that Peter Cox's SIPtap program is getting press. First, it's immediately obvious to anyone with even minimal knowledge of networking that if you have access to the packets of a VoIP flow (or for that matter any other unencrypted network flow), you can reconstruct the data.<br /> <br /> Also as you note, VoIPong and Vomit and Wireshark already existed, making it hard to see exactly what concept is being proved here, other than that with enough hype you can get your name in the paper. Indeed it is silly that Peter Cox’s SIPtap program is getting press. First, it’s immediately obvious to anyone with even minimal knowledge of networking that if you have access to the packets of a VoIP flow (or for that matter any other unencrypted network flow), you can reconstruct the data.

Also as you note, VoIPong and Vomit and Wireshark already existed, making it hard to see exactly what concept is being proved here, other than that with enough hype you can get your name in the paper.

]]> By: Randy R http://mrblog.org/2007/11/23/siptap-hysteria/comment-page-1/#comment-779 Randy R Sat, 24 Nov 2007 17:32:51 +0000 http://mrblog.televolution.net/?p=361#comment-779 Interesting article. <br /> How about joining us on the VOIP Users Conference some Friday? We'd love to hear more about PhoneGnome. We're asterisk/voip geeks located all over the world.<br /> <br /> http://www.VoipUsersConference.org Interesting article.
How about joining us on the VOIP Users Conference some Friday? We’d love to hear more about PhoneGnome. We’re asterisk/voip geeks located all over the world.

http://www.VoipUsersConference.org

]]>