>>>>> "Mike" == Mike Ramsay <[EMAIL PROTECTED]> writes:
Mike> Hi all, I was wondering how safe VoIP is for privacy and can it
Mike> be intercepted.

Unencrypted VoIP, whether MGCP or SIP, is trivial to intercept.
It is so non-private that, frankly, I expect a court to eventually say
that there is no expectation of privacy, and so no wiretap may be
required.

Eavesdropping on SIP is as easy as eavesdropping on any other internet
communication --- almost anyone at any ISP can listen in on any traffic
transiting it. The controls used for Lawful Enforcement Agency access in
many routers are not well protected, and at least in the case of the
European wiretap standard, the manufacturer of the eavesdropping devices
may actually have agreements with governments friendly (to them, not to
you) to divert a copy of your traffic to them.

In addition to this, MGCP is trivially spoofable. That means that
someone could trivially redirect your MGCP session to their phone, and
then send the traffic to you, not requiring any tampering with routing
equipment at all.
(TalkBroadband uses MGCP)
See RFC3435 section 5.

If you are using Asterisk on Linux, running your traffic over IPsec is
a trivial thing to do (as in, 30 minutes or less to set up).
For Asterisk on *BSD, it might take you as long as 1 hour.

Given that, why would you do otherwise?

Mike> When Simon was working at the same place I was, he did some
Mike> test and found that after a call was completed, i.e. connect two
Mike> SIP phones the connection became, point to point no asterisk
Mike> server in the middle. My question is how do we secure the
Mike> point to point connection from people monitoring it. It came
Mike> from this webmail it is very light but it made me wonder what
Mike> can be done?
Mike>
http://smallbusiness.itworld.com/4383/nls_itinsightsvoip050803/page_1.html
You need to run IPsec on the gateways (assuming no wireless), or you
need Linux based phones that can run IPsec in them.
I have yet to see an 802.11b SIP phone running Linux. I'm waiting for one.
--
] Michael Richardson Xelerance Corporation, Ottawa, ON | firewalls [
] mcr @ xelerance.com Now doing IPsec training, see |net architect[
] http://www.sandelman.ca/mcr/ www.xelerance.com/training/ |device driver[
] I'm a dad: http://www.sandelman.ca/lrmr/ [
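
The point-to-point media path discussed in the message above is negotiated in the SDP body of the SIP messages, so an administrator can audit where each media stream will actually flow and whether that path is covered. The following Python sketch is an added example, not part of the original post; the sample SDP, the `IPSEC_PROTECTED` prefix list and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample: SDP body of a SIP re-INVITE that moves media
# directly between two phones (addresses are documentation ranges).
SAMPLE_SDP = """v=0
o=phone1 2890844526 2890844527 IN IP4 192.0.2.10
s=call
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
m=video 51372 RTP/SAVP 31
c=IN IP4 198.51.100.7
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER
"""

# Assumption: prefixes whose traffic is carried inside an IPsec tunnel.
IPSEC_PROTECTED = ["198.51.100.0/24"]

def _in_nets(addr, nets):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # hostname or missing c= line: coverage cannot be shown
        return False
    return any(ip in n for n in nets)

def audit_sdp(sdp, protected=IPSEC_PROTECTED):
    """Return one finding per m= line: where media goes and how exposed it is."""
    nets = [ipaddress.ip_network(p) for p in protected]
    session_addr, findings, current = None, [], None
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("c="):
            addr = line.split()[-1].split("/")[0]  # drop multicast TTL suffix
            if current is None:
                session_addr = addr                # session-level default
            else:
                current["addr"] = addr             # media-level override
        elif line.startswith("m="):
            media, port, proto = line[2:].split()[:3]
            current = {"media": media, "port": int(port.split("/")[0]),
                       "proto": proto, "addr": session_addr}
            findings.append(current)
    for f in findings:
        f["srtp"] = "SAVP" in f["proto"]           # RTP/SAVP, RTP/SAVPF, ...
        f["in_tunnel"] = _in_nets(f["addr"], nets)
        f["cleartext"] = not (f["srtp"] or f["in_tunnel"])
    return findings
```

A stream flagged `cleartext` is plain RTP sent to an address outside the tunnelled prefixes, which is the case where protecting only the path to the Asterisk server leaves the audio exposed.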