Internet Phones

  • Profile:

  • Internet phones often make themselves out to be a secure alternative to both email and regular telephones. Unless they're using strong encryption, however, this 'security' is a dangerous illusion. Many internet telephones use a protocol known as "RTP", Real Time Protocol. RTP audio is encoded and compressed for transmission, so it is impossible to simply connect a telephone to the data line and listen in, but the audio remains vulnerable to an attack called "packet analysis" or "packet sniffing". VoIP surveillance is certainly possible, however, with the release of the Digital Network Analyzer 323 by TTC. The DNA 323 automatically intercepts, decompresses and decodes all VoIP audio travelling over its network. The company itself admits that it has the potential for clandestine surveillance.

  • Detection:
  • Detection of packet analyzers is best attempted by checking all network cards for 'promiscuous mode' operation. When network cards are in this mode they are intercepting all traffic, instead of just the traffic intended for them. Network cards in promiscuous mode can be detected with the program AntiSniff, available from the L0pht, or via OS-specific techniques outlined in the Sniffer FAQ.

  • Countermeasures:
  • Packet sniffing attacks can be defeated through the use of active hubs, which route traffic only to the intended address. The use of encrypting internet telephones still allows such interception, but decrypting the voice stream will be next to impossible.