Researchers from iSEC Partners recently demonstrated some exploits against H.323 and IAX systems at the Black Hat conference in the USA. They also published the exploits on their website so that others can experiment.
It is interesting to see someone talking about IAX and H.323 rather than the usual focus on SIP, and a number of different areas are covered, including spoofing, replay, monitoring and DoS. A couple of their attacks use weaknesses in the MD5 digest algorithm, which has been receiving some punishment in the last couple of years. Attacks using so-called rainbow tables (tables of pre-calculated digests) can be very effective for guessing passwords, especially if the passwords are short and drawn from a limited character set, for example only PIN digits that can be entered from a phone.
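The sketch below is an added example, not code from iSEC Partners or from the original post. It shows how small the digest table for a phone-entered PIN is, and audits provisioned secrets against a keyspace floor. The account names, secrets, challenge string, the challenge-prepended hashing and the 2**64 floor are all constructed assumptions, not the IAX or H.323 message format.

```python
from __future__ import annotations
import hashlib
import itertools
import string

def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode()).hexdigest()

def build_pin_table(length: int) -> dict[str, str]:
    """Precompute digest -> PIN for every numeric PIN of this length."""
    pins = ("".join(p) for p in itertools.product(string.digits, repeat=length))
    return {md5_hex(pin): pin for pin in pins}

def lookup(table: dict[str, str], digest: str) -> str | None:
    """Return the PIN behind a digest if the table covers it, else None."""
    return table.get(digest)

def keyspace(secret: str) -> int:
    """Search-space size implied by the character classes the secret uses."""
    classes = (string.digits, string.ascii_lowercase,
               string.ascii_uppercase, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in secret))
    return max(alphabet, 1) ** len(secret)

def audit(secrets: dict[str, str], floor: int = 2**64) -> list[str]:
    """Names of accounts whose secret is below the (assumed) keyspace floor."""
    return sorted(n for n, s in secrets.items() if keyspace(s) < floor)

# Constructed sample data: account names, secrets and challenge are made up.
ACCOUNTS = {"ext-1001": "4821", "ext-1002": "93517204",
            "trunk-a": "kT7#vQ2m!xR9zLp4"}
CHALLENGE = "c7f1a09e"

if __name__ == "__main__":
    table = build_pin_table(4)
    print("table entries:", len(table))
    # A bare digest of the PIN is reversed by a single dictionary lookup.
    print("bare digest    ->", lookup(table, md5_hex(ACCOUNTS["ext-1001"])))
    # Mixing in a per-exchange challenge makes the precomputed table miss,
    # but the PIN still has only 10**4 candidates, so the audit flags it.
    print("with challenge ->",
          lookup(table, md5_hex(CHALLENGE + ACCOUNTS["ext-1001"])))
    print("below floor:", audit(ACCOUNTS))
```

A challenge or salt only removes the benefit of precomputation. The audit still flags both numeric secrets because the search space itself is small.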
More: iSEC Partners, NetworkWorld