Hi

I did some testing with AirCrack against a Senao si-7800 and an AP (WEP 128bit key).
Aircrack cracked the 128bit WEP key after 20 minutes. (there was a continuous voice call going on during that period).


Senao Wifi phones leak weak IVs once a minute or so (Airsnort would take days to crack the key).

Also, running Nessus (http://www.nessus.org) against the phones shows several vulnerabilities:

ZyXEL P-2000 (version WJ.00.0f):
1. WEP implementation is poor. The phone I have sends out WEP packets with the IV always set to 0x000000 (not from Nessus)
2. Vulnerable to 'Etherleak'
3. Answers TCP packets sent from multicast address (spank)
4. Does not discard TCP SYN packets with FIN flag set.


Senao SI-7800 (version 0.03.0004 date 2004.10.07)
same as above plus;
1. WEP leaks weak IVs (not from Nessus)
2. TCP sequence number prediction very poor - Class=64K, Difficulty=1 (Trivial Joke)
3. Responds to ICMP timestamp request
4. The phone crashed during extended tests, so unable to complete Nessus scan.


Grandstream BT-101's don't do very well either, but I posted a message to the support department. If I don't hear back I'll post the results. They are not so much of a risk as they are on the wired side.

Cheers

Giles
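
An added example, not part of the original post or any tool named in it: a small audit that scores the 3-byte WEP IVs seen from one transmitter for the two faults reported above, a constant IV and leaked weak IVs. It assumes "weak IV" means the classic FMS form (A+3, 0xFF, X); the function names and the sample IV lists are constructed for illustration.

```python
from collections import Counter

WEP104_KEY_BYTES = 13  # a "128-bit" WEP key is 13 secret bytes plus the 3-byte IV


def is_fms_weak(iv: bytes, key_bytes: int = WEP104_KEY_BYTES) -> bool:
    """True if the IV has the classic FMS form (A+3, 0xFF, X), A = key byte index."""
    return len(iv) == 3 and iv[1] == 0xFF and 3 <= iv[0] < 3 + key_bytes


def audit_ivs(ivs: list[bytes]) -> dict:
    """Summarise IV hygiene for one transmitter's captured WEP frames."""
    if not ivs:
        raise ValueError("no IVs supplied")
    counts = Counter(ivs)
    weak = [iv for iv in ivs if is_fms_weak(iv)]
    return {
        "frames": len(ivs),
        "distinct_ivs": len(counts),
        # Every frame beyond the first use of an IV shares an RC4 keystream.
        "reused_frames": len(ivs) - len(counts),
        "constant_iv": len(counts) == 1 and len(ivs) > 1,
        "fms_weak_frames": len(weak),
        "fms_weak_key_bytes": sorted({iv[0] - 3 for iv in weak}),
    }


def verdict(report: dict) -> str:
    """Map an audit report to a single pass/warn/fail line."""
    if report["constant_iv"]:
        return "FAIL: constant IV, all frames share one keystream"
    if report["fms_weak_frames"]:
        return "FAIL: transmits FMS-weak IVs"
    if report["reused_frames"]:
        return "WARN: IV reuse observed"
    return "OK: no reuse or FMS-weak IVs in this sample"


# Constructed samples, not captures from the phones in the post.
CONSTANT = [bytes.fromhex("000000")] * 5
LEAKY = [bytes([0, 0, n]) for n in range(1, 60)] + [
    bytes.fromhex("03ff2a"), bytes.fromhex("0aff10")]
FILTERED = [bytes([0x20, 0x01, n]) for n in range(50)]

if __name__ == "__main__":
    for name, sample in (("constant", CONSTANT), ("leaky", LEAKY), ("filtered", FILTERED)):
        print(name, verdict(audit_ivs(sample)))
```
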





----- Original Message -----
From: "Harry McGregor" <[EMAIL PROTECTED]>
To: "Asterisk Users Mailing List - Non-Commercial Discussion" <[EMAIL PROTECTED]>
Sent: Monday, November 08, 2004 11:14 PM
Subject: RE: [Asterisk-Users] Cordless vs Wireless phones



On Mon, 2004-11-08 at 16:27 -0600, Michael Giagnocavo wrote:
>The WiSIP phone supports WEP 128 encryption. Not sure if it supports WPA
>encryption, but that'd be your best bet. I'd use maximum encryption, and
>separate your AP from your regular network. Just plug an AP into another
>Ethernet card on your Asterisk server. The phones only need to talk to the
>Asterisk server, no internet access or anything else. So even if somebody
>spent the time it'd take to break the encryption, they don't get internet or
>access to workstation or servers or anything.


WEP is quite broken. Probably not even worth enabling, even with 128-bit key
lengths. Then again, if they are using analog cordless phones, those are
probably purely unencrypted, so it's pretty much the same.

WEP is not as broken as you might think, it takes a fair amount of time and traffic to break. It is also a statement of "this network is not for you", and thus you have a far better claim at breaking and entering than you do without WEP.

Think of it as a dinky little $0.50 padlock on your storage shed.  If a
thief cuts the lock, they are in a lot more trouble than just opening
the door.

Separate WLAN (ie not with your normal phones, and not with your
workstations), and WEP (even 64 bit) will keep people out of it.  Not
having a default route as well will help if they do break in, and MAC
address locking on the AP is another good one to use.

All of these together, like car thieves, will drive the person on to the
next AP, instead of working on breaking into yours.

Harry

-Michael

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kubat, Philip
Sent: Monday, November 08, 2004 2:19 PM
To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
Subject: [Asterisk-Users] Cordless vs Wireless phones


We currently have an Asterisk installation and need to add cordless /
wireless phones. Requirements are these phones need to be equals to the
"wired" devices, i.e. dedicated buttons for hold, transfer, etc. , e.g. not
an ATA connected analog phone cordless phone. Was thinking of using 802.11b
SIP phones (etc), but this opens up all the security concerns of 802.11 and
the network. Do any of these phone support VPNs? Have to isolate the WLAN
from the LAN.


If not is there a SIP (or any other Asterisk channel) device that is a
"cordless  phone".  Some things like combining an ATA w/a cordless phone?
But as one device with all the "digital" features?

Thanks!
Phil

_______________________________________________
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users




--
Harry McGregor, Computing Manager
Tucson Support Group - U.S. Geological Survey
University of Arizona - Environment and Natural Resource Building
520-670-5574 (office) - [EMAIL PROTECTED]
520-661-7875 (Cell) - [EMAIL PROTECTED]

The opinions/statements expressed herein are my own and should
not be taken as a position, opinion, or endorsement of the
University of Arizona or the U.S. Geological Survey.
