8

Any one have any experience in testing ISDN based VC systems?

What approach did you take, tools used? How did you approach fuzzing the protocol?

What resources did you read up on prior to testing?

David Stubley
  • 2,896
  • 1
  • 19
  • 29
  • I also have some video conference systems which I would love to do some testing on. However these systems are not ISDN based, but uses xDSL/Fiber. Is there any difference you think? – Chris Dale Dec 21 '10 at 08:16

2 Answers2

3

I have had limited exposure to this - but the main attack routes I have found successful in Video and VOIP have always been misconfigured H.323 gateways - it can be very difficult to set up H.323 and the associated protocols correctly, as each vendor seems to implement things differently. Symantec had a useful list of 20 rules in this paper - well worth having a look.

Rory Alsop
  • 61,507
  • 12
  • 118
  • 322
3

More important than fuzzing the implementation, is wether the conversation itself is secure. Most VOIP implementations don't encrypt the conversation. Capture a call session with tcpdump or wireshark and run the capture through Cain & Able to see if you can extract an audio stream.

bahamat
  • 1,121
  • 8
  • 11