Re: Sipflanker finds vulnerable Web GUIs deployed by IP phones and PBXs

From: mOses (trklistednetworksamurai.org)
Date: Sun Jun 01 2008 - 08:37:12 CDT


You need to look at the overall characteristics of what makes a SIP
phone work.

TCP/UDP 5060 for SIP
TCP/UDP 5061 for SIP TLS/SSL

Now what would be really nice is a DNS kind of thing where you could
look for SRV records of

_SIP, _SIPS, SIP.domain.com, etc to locate the SIP server :D

M
On May 28, 2008, at 6:52 PM, Sergio Castro wrote:

> Hi Jason,
>
> Thank you for your comments, I appreciate it.
> Indeed you are right, SIP runs on UDP on 5060. The TCP socket
> connection only tests if the port responds. Do you think it would be
> better to use UDP?
>
> I did think about adding 5061, but given the unfortunate fact that
> TLS is hardly ever used, and also to make the scan faster, I left it
> out for the time being. But I will add it in future versions.
>
> Thanks! :)
>
> Regards,
>
> Sergio
>
> -----Original Message-----
> From: Jason Ross [mailto:algorythmgmail.com]
> Sent: Wednesday, May 28, 2008 04:58 p.m.
> To: Sergio Castro
> CC: pen-testsecurityfocus.com
> Subject: Re: Sipflanker finds vulnerable Web GUIs deployed by IP
> phones and PBXs
>
> On Tue, May 27, 2008 at 4:00 PM,
> Sergio Castro <sergio.castrounicin.net> wrote:
>
>>
>> What the application does is search the range of IPs you specify, and
>> check if port 5060 is available. Whether open or closed, port 5060
>> usually indicates the presence of a SIP device.
>> Then it checks if port 80 (http) is open.
>
> Looking through the code, it's a very decent start, and a good idea
> IMO.
>
> One thing you may want to consider is that SIP generally runs on
> UDP/5060.
>
> Your portscan.py script calls both port 80 and 5060 with AF_INET and
> SOCK_STREAM which would mean TCP both times.
>
> It may make sense to break the SIP scan out such that it checks for
> both UDP and TCP port 5060 (and you may also want to add TCP/5061 to
> the mix, as SIP/TLS generally uses that port.)
>
> Other than that, like I said, a decent bit of work I think.
>
> Regards,
> Jason
>

------------------------------------------------------------------------
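Added example, not part of the thread and not Sipflanker's own code: the TCP connect check discussed above next to a UDP check that sends a SIP OPTIONS request and reads the status line of the reply, for a single host. The function names and the "inventory" user in the From header are assumptions made for this example.

```python
import socket
import uuid

def build_options(host, port, local_ip, local_port):
    """Minimal SIP OPTIONS request with the mandatory RFC 3261 headers."""
    branch = "z9hG4bK" + uuid.uuid4().hex[:16]
    return "\r\n".join([
        f"OPTIONS sip:{host}:{port} SIP/2.0",
        f"Via: SIP/2.0/UDP {local_ip}:{local_port};branch={branch}",
        "Max-Forwards: 70",
        # "inventory" is a made-up user part for this example
        f"From: <sip:inventory@{local_ip}>;tag={uuid.uuid4().hex[:8]}",
        f"To: <sip:{host}:{port}>",
        f"Call-ID: {uuid.uuid4().hex}@{local_ip}",
        "CSeq: 1 OPTIONS",
        "Content-Length: 0",
        "", "",  # blank line ends the header block
    ]).encode("ascii")

def parse_status(data):
    """Status code of a SIP response, or None if the bytes are not SIP."""
    parts = data.split(b"\r\n", 1)[0].decode("ascii", "replace").split(" ", 2)
    if len(parts) >= 2 and parts[0] == "SIP/2.0" and parts[1].isdigit():
        return int(parts[1])
    return None

def probe_udp(host, port=5060, timeout=2.0):
    """Send one OPTIONS over UDP; any SIP status code means a SIP stack answered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))  # fixes the peer; no packet is sent yet
            local_ip, local_port = s.getsockname()
            s.send(build_options(host, port, local_ip, local_port))
            return parse_status(s.recv(4096))
        except OSError:  # timeout, or ICMP port unreachable
            return None

def probe_tcp(host, port=5060, timeout=2.0):
    """The SOCK_STREAM check from the thread: True only if a TCP listener accepts."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # Constructed reply line, standing in for a device's answer
    print(parse_status(b"SIP/2.0 200 OK\r\nContent-Length: 0\r\n\r\n"))
```

A device that speaks SIP only over UDP returns a status code from probe_udp while probe_tcp reports False, which is the gap pointed out in the thread.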