0Wning Networks With Voip And Web Attacks presented at OWASP BeNelux 2010

by Radu State (University of Luxembourg),

Tags: Infrastructure Firewall Exploitation Web Security

URL : http://www.owasp.org/index.php/BeNeLux_OWASP_Day_2010#tab=Conference.2C_December_2nd

Summary : Voice over IP is the current de facto technology for delivering voice data in both enterprise and service provider infrastructure. Although , security threats specific to VoIP signalling have been known for a while, few is known about cross-layer attacks in which Web enabled VoIP devices allow for efficient attacks against the VoIP infrastructure and general IT networks .
This talk will give a short introduction to VoIP and continue with a series of attacks that leverage SIP as efficient transport vehicle for billing attacks , disclosure attacks and network penetration. The talk will show how one single phone call can compromise even the best secured and hardened network perimeter .