lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 10 Mar 2005 20:00:47 -0500
From: Ryan Cummings <ryan.r.cummings@...il.com>
To: Atom Smasher <atom@...sher.org>
Cc: BugTraq@...urityfocus.com
Subject: Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability


Lingo only uses UDP ports 5060-5065, 1020-1030, 10000-20000.  You can
set your ATA device up behind a firewall/router just as long as your
forward these ports to it.  This will take care of the remote access
and still allow your normal VoIP service to work.  I'm away from home
right now but when I get back I'll take some time to analyze the
traffic it creates and report my findings.

Ryan


On Wed, 9 Mar 2005 14:26:57 -0500 (EST), Atom Smasher <atom@...sher.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> thinking out loud....
> 
> 1) does the ATA connect to the server by resolving a hostname?
> 
> 2) how do the ATA and server authenticate each other? is there any
> authentication?
> 
> 3) is traffic between the ATA and server encrypted? how is key-exchange
> handled?
> 
> part of the ATA configuration allows one to select DNS servers. this is
> normally done via DHCP, but may be entered manually. it may be possible
> for an attacker to change the DNS servers (to point to compromised DNS
> servers), become the "VoIP service provider" and intercept phone calls.
> this is, of course, a version of the man in the middle attack. depending
> on what (if any) authentication and/or encryption is done between the ATA
> and the server this may well be practical in the real-world.
> 
> if anyone has access to one of these ATAs (or similar) and some time do to
> any packet sniffing and traffic analysis i'm sure we'd all be curious what
> you find...
> 
> references:
> http://securityfocus.com/archive/1/392628/2005-03-06/2005-03-12/1
> 
> 
> - --
>         ...atom
> 
>  _________________________________________
>  PGP key - http://atom.smasher.org/pgp.txt
>  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
>  -------------------------------------------------
> 
>        An Inuit hunter asked the local missionary priest: "If I
>        did not know about God and sin, would I go to hell?"
>        "No," said the priest, "not if you did not know."
>        "Then why," asked the Inuit earnestly, "did you tell me?"
>                -- Annie Dillard, Pilgrim at Tinker Creek
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.0 (FreeBSD)
> Comment: What is this gibberish?
> Comment: http://atom.smasher.org/links/#digital_signatures
> 
> iQEcBAEBCAAGBQJCL04GAAoJEAx/d+cTpVcivvMH/2imMlEyp6lZS1NuQnJGcl5f
> yO9HzfhlInkkGbiLV/zjdjZ2xiYwABG/01n1ZOEsyNeWvC+lG1ceS3K2utq7TRJj
> gYujoox4YRq3fzUDQyFxlN8aHm5h+1urD2AXqxXJjEPd7bMaZOVoCI4Y5Kk45OB4
> IOeXj2WcCa3vXLQ0a2LpuydhsaPK0fzut+XjmGolquVEMBwYruhsRS0ysEKD9+SE
> snAB4T08bJScDMOoAYGgQ2nTmMKDeBdEdZPHxOgdaGtuRBoNWLtFl3KAyWNs2TLP
> Mqo8DvoEF34gTd2apF8J2M6xKfgg4XS5gDRUZ9/SpuP+Dc69NdKraLyTZh2grVM=
> =f03j
> -----END PGP SIGNATURE-----
>


Powered by blists - more mailing lists