Overlooked VoIP Security Issues? 42
penciling_in asks: "Voiponder is running an informative article identifying VoIP attacks, which are applicable to current systems but lack public awareness and are, for the most part, misunderstood. The author's primary purpose is to 'discuss two of the most well known attacks that can be carried out in current VoIP deployments. The first attack demonstrates the ability to hijack a user's VoIP Subscription and subsequent communications. The second attack looks at the ability to eavesdrop in to VoIP communications.' This leaves me begging the question: What other not-so-publicized VoIP security issues should companies be watching out for?"
Oreka (Score:4, Informative)
Disclaimer: I'm lead developer on Oreka.
You can very easily record all RTP traffic on a given ethernet span to wav files on disk using a sniffing tool such as http://www.oreka.org/ [oreka.org]. Most people don't use encryption yet in the VoIP field. This will catch SIP, H.323 and Cisco Skinny traffic, i.e. most of the existing traffic except IAX (asterisk) type traffic.