[Freeswitch-users] Viproy VOIP pen testing metasploit plugin

[Mitch Capper]

Hi Guys,
Sadly every year ClueCon overlaps with my travel for defcon/blackhat but
this year there was a fairly interesting tool released found at
http://viproy.com/ for metasploit.   It allows for a very large and robust
set of VOIP attacks from DOS and fuzzing to some interesting manipulation
support.

It is not a point and go tool to get the most benefit but can certainly
stress a variety of things on a VOIP server.

I haven't had a chance to do too many fuzzing and depth attacks although on
an old FS server I had it was vulnerable to an invite attack (most likely
due to a configuration error on my part, although I didn't change my acl
settings much on the updated server so I am not sure).

If you use TLS only with certificate validation though you are secure
against just about any sort of attack:)

~mitch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130916/12df3891/attachment.html