Content Tagged with id + caller

Samsung WT17200000128 Universal Black Leather Pouch

Price - $7.5. “This sleek designed universal black pouch has been crafted to wrap your phone in genuine leather luxury and durable nylon. Stylishly tailored to ensure protection of your SAMSUNG wireless phone. Includes non-removable ...

iphone: deli.cio.us/tags/iphone

how (not) to get your ex back

Just uploaded a short story showing how an unsolicited user can phone up a victim by knowing (or finding out) the IP and port of the victim's VoIP phone. This story ties in with what we've been discussing in the previous blog post.

You may check out the story here.

sipvicious: SIPVicious Feed

Server impersonation and SIP

Was reading Sipera's latest advisories. The server impersonation advisory caught my eye mostly because we've seen something similar to this over here during testing. We hadn't published this information until now, so here goes.

A good number of SIP softphones, and we would assume VoIP phones (hardware), will ring upon receiving an INVITE request. Three months ago we worked on 3 stories, two of which describe protagonists abusing this behavior and are still unpublished. I'm working on getting these two stories published soon.

As hinted by the Sipera advisory, this behavior has a few implications; major ones being that it can be abused for spamming and social engineering attacks.

These are the softphones that were found to display this behavior:
  • X-lite release 1011b
  • Ekiga 2.0.11 (beta)
  • SJPhone 1.65.377a
Also quickly tested Gizmo project 3.1.2 and it did not exhibit the same behavior. Did not try to spoof the packet source IP, etc.

How do you test for this?
Use your favorite SIP phone to call an address like sip:whatever@192.168.1.1:5060, where 192.168.1.1 is the destination IP of the SIP phone. There is no need to spoof IP addresses or anything like that for the above. In the story (that I'll try to publish tomorrow), the attacker makes use of X-lite. If making use of X-lite, select the option "target domain" in the "Send outbound via:" config.

If you have any results please post a comment or send me an email.

sipvicious: SIPVicious Feed
