Business IT - Technology for your business

No. 1 Story

Telstra adds one million mobile services, but Sensis plummets

Telstra has revealed the addition of almost one million new mobile services in the six months to December 2011, but Sensis revenues plummeted 24 percent in 12 months.

read more

UCSniff – VoIP ‘Security Tool’ Released

Business IT - Security

In the last couple of hours, Sipera VIPER Lab finally announced the availability of UCSniff v1.0.  This is a ‘security tool’ intended to test for the threat of unauthorised eavesdropping.

According to the website on SourceForge, UCSniff has the following major features:

Allows targeting of VoIP Users based on Corporate Directory and/or extensions

Automatically re-creates and saves entire voice conversations to a single file that can be played back by media players

Support for G.722 and G.711 u-law compression codecs

Automated VLAN Hop and Discovery support

A VoIP Sniffer combined with a MitM re-direction tool

Monitor Mode

UCSniff will run in either Monitor mode (passive eavesdropping) or in man-in-the-Middle mode where ARP-poisoning is used to spoof all service addressing.

VoIP installations running on Cisco IP Phones run a corporate directory, permitting UCSniff to monitor and track calls either by MAC address, IP address of user name.

Two additional tools are available with UCSniff – ACE permits the rapid reading (and storage) of the Cisco telephone directory and ARPsaver will re-establish the correct ARP settings in the event of an unexpected crash.

UCSniff is released under the GPLv3 licence and may be freely downloaded here.  Jason Ostrom and Arjun Sambamoorthy, principal developers at Sipera VIPER Lab recommend running UCSniff on BackTrack Linux and note that future versions will support Windows and also H.264 Video capture.

As always, they insist that you only run this tool on a network where you have permission to do so, purely for research purposes, of course.  UCSniff is intended to “help understand the risk of VoIP Eavesdropping so that security in the VoIP Infrastructure and applications can be improved to a level of acceptable risk.”

Have fun!

Loading comments ...

- sponsored feature -

The Death of Traditional BI: What’s Next?

How to Make Business Discovery Work for Your Business IP PABX BUYING GUIDE

Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more