By Robert Vamosi
September 26, 2008
Jason Ostrom of VoIP Hopper on Saturday plans to release his
next-generation VoIP sniffer at Toorcon in San Diego to help raise
awareness of the type of vulnerabilities businesses face as they adopt
unified communications (UC) technology.
He told CNET News that the tool, UCSniff, has two settings. One is a
learning mode, sniffing all the IP traffic then mapping telephone
extensions to specific addresses. By default, it is capturing all the
calls and saving them to wave files.
The other setting is a bit more creepy: targeting conversations. After
learning the IP addresses of the phone system, someone using UCSniff can
listen to all the VoIP, or voice over Internet Protocol, conversations
made by a specific user, say the CEO. That's user mode. A second mode,
conversation mode, allows someone to monitor calls made exclusively
between two extensions, say only when the CEO calls the CFO.
"So it's like dynamic ARP poisoning," Ostrom explained, referring to
Address Resolution Protocol spoofing. "The tool, on the fly, figures out
how to do the ARP poisoning for you so you're not intercepting the
traffic of phones that you do not want to intercept."
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!