New kind of security hole: VOIP

Security vulnerabilities affect a number of vendors' software for setting up voice and video sessions over IP networks using the international H.323 conferencing protocols.

Experts are calling the flaws reasonably serious because of the number of products involved, the widespread use of voice over IP equipment and the fact that core operating systems are involved, including the Cisco Internetwork Operating System.

When administrators set up video or audio sessions, malformed fields in H.225.0v4 call-signaling messages could make IP networks vulnerable to denial-of-service attacks or remote compromise.

The security holes are 'similar to traditional network-based vulnerabilities, only they happen to affect VOIP,' said Neel Mehta, research engineer with the X-Force laboratory of Internet Security Systems Inc. of Atlanta.

Researchers at the University of Oulu in Finland found the flaws with a test suite developed for products using the H.323 VOIP protocol. They flagged products from vendors including Cisco Systems Inc., Microsoft Corp., Nortel Networks Corp. of Brampton, Ontario, and Tandberg Inc. of Herndon, Va.

Mehta warned that IP networks could be at risk even if they do not host VOIP services. 'You may be vulnerable if you have parsing for the protocol enabled on your routers,' he said. Not all such capabilities are enabled by default.

The ISS Internet Scanner, downloadable from, can check for the vulnerabilities. Many of the vendors have already released fixes, Mehta said. Others still are assessing the situation. Administrators should check with their networking vendors about vulnerable products and patches, he said.

Administrators not using VOIP should consider blocking traffic on TCP or UDP port 1720 used for call-signaling messages, and disabling call-setup protocols on servers and routers, Mehta said.

The announcement of the vulnerabilities was coordinated with the vendors and Britain's National Infrastructure Coordination Centre so that the affected vendors had an opportunity to react.

'We haven't seen an exploit yet,' Mehta said, but he added that he expects some soon.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • HPE SGI 8600

    New supercomputers headed to DOD

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group