Other IP Phone Attacks

Several additional attacks are possible against IP phones. These are covered next.

Attack Poor Local Protections

Unplugging and replugging the combined RJ-45 Ethernet/power cable at the back of the Avaya 4602 phone triggers its boot cycle. During boot, a prompt appears briefly that lets a user enter the IP phone's setup by pressing the * key. No password is required to change the IP phone's settings. These settings vary as a function of the IP phone's application load. According to Avaya's website, 2.3 is the latest release of the Avaya 4602 IP phone.

Countermeasures Restrict Local Configuration of the IP Phone

This behavior is controlled by two customizable system parameters, PROCSTAT and PROCPSWD. PROCSTAT controls whether local (dialpad) administrative options can be accessed (0 means all administrative options are allowed; 1 means only viewing is allowed). PROCPSWD can restrict administration by requiring a password.

Hacking Exposed VoIP. Voice Over IP Security Secrets & Solutions
