Chapter 1: Footprinting a VoIP Network

Many of our soldiers are stationed at Camp Coyote just south of the Iraqi border. This is how you know we have a strong army, when you can actually tell your enemy exactly where your camp is and what its name is.
Jon Stewart, The Daily Show


While the intricacies of invading a country are slightly different than hacking a VoIP network, the success of each typically depends on having done solid reconnaissance and research well before the first shot is ever fired.

By its very nature, VoIP exemplifies the convergence of the Internet and the phone network. With this convergence, we are starting to see the exploitation of new exposures particular to VoIP as well as traditional avenues of attack. Much like WWW technology, VoIP devices, by technical necessity, are advertised and exposed on IP networks in many ways, allowing hackers to find and exploit them more easily.

Any well-executed VoIP hacking endeavor begins with footprinting the target, also known as profiling or information gathering. A footprint is the result of compiling as much information about the target's VoIP deployment and security posture as possible. This initial approach is similar to the way a modern military might pore over intelligence reports and satellite imagery before launching a major enemy offensive. Leveraging this profile allows a general to maximize his troops' effectiveness by aiming strategically at holes in his enemy's defenses.

This chapter focuses on a variety of simple techniques and publicly available tools for gathering information about an organization's VoIP security posture from the perspective of an external hacker. Footprinting is merely the first step that fuels further activities such as scanning and enumeration, which are described in the next chapters.

