-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "Chad" == Chad Osmond <[EMAIL PROTECTED]> writes:
Chad> My feelings are that it's just SIP based though, and may work
Chad> with asterisk with some work.
Or, it's MGCP, which is much easier to make "incompatible", and in
which case, it's totally insecure.
(Why not? AT&T "TalkBroadband" uses MGCP)
>>>>> "Alex" == Alex Robar <[EMAIL PROTECTED]> writes:
Alex> I would agree with Chad here. It's much like the Primus
Alex> TalkBroadband service. They'll tell you it's not possible, but
Alex> if you sniff the connection you can find your login
Alex> information. After that, it's just a matter of spoofing the
SIP was designed so that this won't work.
This is in fact the *MAJOR* security hole in MGCP.
The cable companies listened to the IETF about MGCP, when the IETF said
"run it over IPsec". The CableLabs approved specification for doing this
is that the ATA does a simplification of IKE/KINK (Kerberos is directly
to key the IPsec SA. This means no PFS), and that's what the ATA uses to
talk IPsec to the call concentrator.
>>>>> "Andrew" == Andrew Kohlsmith <[EMAIL PROTECTED]> writes:
Andrew> They clearly don't see the light; why give them your money?
What he said.
Vote with your wallet.
- --
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Finger me for keys
iQEVAwUBRawUioCLcPvd0N1lAQKxOggAiT1I951+KyZu5MOHJgaqLJXa7dwo8rup
nEBGHW4Wcj1M/hykPkQBEAZow7ljKr5Lk98W7PzgLo8+B4OYtHsTKV4sJ9XmEIfZ
uCXrFqDOWYzIlCzltxv+u1HgIHeUOnBF7LIPZfEUJ+HM74H61bHvgwvR/6Rx7ikY
MdZSMS/mcdsQxKb7SIbkhpMRQCMdM1iOj9TBDFzkCxMbVwD+ZKUgPHM3SeZp6ujC
CUku0htGzZ8Mzk0Lis+0NeVFBeFkblQvx32QrTP5Tcgkn3La2hILRFECwEOIpvFG
HrafWUMlyt7Z8hzJAfI8KnA6dBWqwimaVArK3XVa5oo0c25/xvda9Q==
=A8N1
-----END PGP SIGNATURE-----
