hpcitizen Posted February 3, 2015 Share Posted February 3, 2015 Hello everybody my name is Harry, I work for a E recycler I watch over their network while ensuring data destruction of devices for the facility. Today I was hit with a SIP Scanner, the admins were getting ghost calls while I was out at lunch. I blocked the offending IP and closed Port 5060. My question for the Forum, What can I do to test my network vulnerability for the SIP Scanner? Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 3, 2015 Share Posted February 3, 2015 You could probably get permission from your boss to perform an assessment with a SIP scanner yourself. Then you could find which servers are responding to it. I don't know much about this but here is something I found through a Google search. http://serverfault.com/questions/549134/how-can-i-stop-sipvicious-friendly-scanner-from-flooding-my-sip-server You could use SIPVicious to run your own scan. Quote Link to comment Share on other sites More sharing options...
hpcitizen Posted February 3, 2015 Author Share Posted February 3, 2015 Thank you, sounds like my only option. I have never heard of a SIP Scanner until today too, this is my first network with VoIP phones. Quote Link to comment Share on other sites More sharing options...
newbi3 Posted February 3, 2015 Share Posted February 3, 2015 (edited) You should have all of the voice traffic on a separate vlan and restrict access to it. Make sure DTP is disabled on the switches. While a friend of mine was working on his cisco certs we had a lot of fun at the school vlan hopping and sniffing VoIP traffic, security cameras were a little different harder, they were doing some compression that we never figured out so we never got the complete image. Still had a lot of fun Edited February 3, 2015 by newbi3 Quote Link to comment Share on other sites More sharing options...
hpcitizen Posted February 3, 2015 Author Share Posted February 3, 2015 The VoIP are already on a separate Vlan, ran into that issue first week with call quality. I do believe DTP is already disable, but I did have some else install a new switch when we took out the inventory server. My boss is currently installing Security Cams, he is paranoid so the cams do not touch the networks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.