Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Voice over IP voice messages can be seen and overheard by wireshark

a user put wireshark onto a voice port and was able to record other users voice mails. We are thinking about using port security to stop this but I think that spoofing the mac address of the phone would be to easy. I am not sure where a broadcast or multicast would take place for a user leaving a message. Is Call Manager involved, Unity or Exchange. Is there a way to make sure that all of the voice transmissions are unicast packets. Any help would be greatly appreciated because we would like to take the necessary precautions to avoid this at all cost.

Thanks,

3 REPLIES

Re: Voice over IP voice messages can be seen and overheard by wi

There is an option to disable the PC's access to the voice VLAN, have you disabled that?

I think it is under CM >> Device >> Phone (At the end of the page)

Regards

Farrukh

New Member

Re: Voice over IP voice messages can be seen and overheard by wi

this was not the issue. The user actually unplugged the phone all together.

Re: Voice over IP voice messages can be seen and overheard by wi

Ahh sorry for not reading your initial post clearly.

The user most probably used some manipulation of his NIC card to get into the Voice Vlan in the first place, a penetration testing tool commonly used for this is Voip Hopper:

http://voiphopper.sourceforge.net/

Detailed description of the attacks can be found on:

http://www.securityfocus.com/infocus/1892

And on this presentation, that I would highly recommend you should have a look at:

http://www.secureitconf.com/documents/VigilarVoIPHopperSecureITv1-1oSTROMANDkINDERVAG.pdf

The Cisco Solution (should be combined with other security best practices like port-security, etc.)

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_37_se/configuration/guide/swvoip.html#wp1050112

The specific command is:

switchport voice detect cisco-phone

I hope this helps you to take a step in the right direction to secure your VOIP network.

If you enforce this, the user cannot access the voice vlan in the first place, left alone listen to multicast/broadcast voice mails (which I doubt happened in the first place anyway). He most probably used one of the above techniques to capture the 'unicast' VOIP traffic.

Regards

Farrukh

261
Views
10
Helpful
3
Replies