Well, you can do ARP poisoning to launch a MITM attack, and intercept VoIP
calls, including DTMF tones. Then you can use a tone decoder to get the
confidential banking numbers that where keyed into the IVR.
Try using Cain for the VoIP intercept, and ToneDecoder for tone decoding.
- Sergio
-----Mensaje original-----
De: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] En
nombre de contebral (at) web (dot) de [email concealed]
Enviado el: Viernes, 18 de Julio de 2008 04:49 p.m.
Para: pen-test (at) securityfocus (dot) com [email concealed]
Asunto: VoIP Attacks
Hello Folks,
Classical Attacks vectors against VoIP like SPIT (VOIP SPAM) and VoIP
Phishing are well known and documented. i'm curious if there exists other
client side attacks against voip that may compromise confidential calls
e.g. Telephon Banking or similar applications.
THX
_____________________________________________________________________
Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
http://smartsurfer.web.de/?mc=100071&distributionid=000000000066
calls, including DTMF tones. Then you can use a tone decoder to get the
confidential banking numbers that where keyed into the IVR.
Try using Cain for the VoIP intercept, and ToneDecoder for tone decoding.
- Sergio
-----Mensaje original-----
De: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] En
nombre de contebral (at) web (dot) de [email concealed]
Enviado el: Viernes, 18 de Julio de 2008 04:49 p.m.
Para: pen-test (at) securityfocus (dot) com [email concealed]
Asunto: VoIP Attacks
Hello Folks,
Classical Attacks vectors against VoIP like SPIT (VOIP SPAM) and VoIP
Phishing are well known and documented. i'm curious if there exists other
client side attacks against voip that may compromise confidential calls
e.g. Telephon Banking or similar applications.
THX
_____________________________________________________________________
Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
http://smartsurfer.web.de/?mc=100071&distributionid=000000000066
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
__________ NOD32 3283 (20080721) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
[ reply ]