05-28-2008 06:18 AM - edited 03-09-2019 08:47 PM
a user put wireshark onto a voice port and was able to record other users voice mails. We are thinking about using port security to stop this but I think that spoofing the mac address of the phone would be to easy. I am not sure where a broadcast or multicast would take place for a user leaving a message. Is Call Manager involved, Unity or Exchange. Is there a way to make sure that all of the voice transmissions are unicast packets. Any help would be greatly appreciated because we would like to take the necessary precautions to avoid this at all cost.
Thanks,
05-29-2008 02:09 AM
There is an option to disable the PC's access to the voice VLAN, have you disabled that?
I think it is under CM >> Device >> Phone (At the end of the page)
Regards
Farrukh
05-29-2008 03:51 AM
this was not the issue. The user actually unplugged the phone all together.
05-29-2008 08:43 AM
Ahh sorry for not reading your initial post clearly.
The user most probably used some manipulation of his NIC card to get into the Voice Vlan in the first place, a penetration testing tool commonly used for this is Voip Hopper:
http://voiphopper.sourceforge.net/
Detailed description of the attacks can be found on:
http://www.securityfocus.com/infocus/1892
And on this presentation, that I would highly recommend you should have a look at:
http://www.secureitconf.com/documents/VigilarVoIPHopperSecureITv1-1oSTROMANDkINDERVAG.pdf
The Cisco Solution (should be combined with other security best practices like port-security, etc.)
The specific command is:
switchport voice detect cisco-phone
I hope this helps you to take a step in the right direction to secure your VOIP network.
If you enforce this, the user cannot access the voice vlan in the first place, left alone listen to multicast/broadcast voice mails (which I doubt happened in the first place anyway). He most probably used one of the above techniques to capture the 'unicast' VOIP traffic.
Regards
Farrukh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: