[kwlug-disc] voip.ms - tos? [Was: VoIP - Even without a server]

unsolicited at swiz.ca unsolicited at swiz.ca
Mon Feb 14 14:10:10 EST 2011


Prefix: thanks to Lori for the DOH! moment that a voip call is no more or
less secure than any other internet traversing session. And that privacy
concerns are probably only a real non-ISP concern at the local, remote, or
ITSP premises (cross-over from net to POTS).

Interesting.

Were you able to solve the problem, and what was the nature of the fix, if
you can say?

i.e. If wireshark results led you to the fix, then I presume it was a
networking issue, OTOH, if pcapsipdump results led you to the fix, I
presume it was a telephony / voice quality issue. Latency? Dropped packets?


On Mon, 14 Feb 2011 12:27:29 -0500 (EST), "John Van Ostrand"
<john at netdirect.ca> wrote:
> One good example of eavesdropping is debugging a voip connection. We had a
> customer with audio quality issues that couldn't articulate how it was bad.
> It was also hard to determine from the user the degree of the problem.
> 
> With their knowledge we ran pcapsipdump and captured all the packets for
> each call. Later using wireshark we inspected a call that was reportedly
> bad. We extracted the audio with a few clicks and listened to it.
> 
> We used "appropriate" access.
> 
> 
> ----- Original Message -----
> From: kwlug-disc-bounces at kwlug.org <kwlug-disc-bounces at kwlug.org>
> To: KWLUG discussion <kwlug-disc at kwlug.org>
> Sent: Mon Feb 14 12:08:31 2011
> Subject: Re: [kwlug-disc] voip.ms - tos? [Was: VoIP - Even without a
> server]
> 
> On Mon, 2011-02-14 at 11:09 -0500, unsolicited at swiz.ca wrote:
>> On Sun, 13 Feb 2011 09:10:37 -0800 (PST), Raul Suarez <rarsa at yahoo.com>
>> wrote:
>> > This one falls into the "I should have known this before!!!" category.
>> >
>> > You don't need an Asterisk server to use a DID !! (d'oh)
>> .
>> .
>> .
>> > Something that I wasn't expecting, was total honesty. I read the Terms of
>> > service and they are very clear: "VoIP.ms does not pretend to offer 100%
>> > reliable service ... The customer shall not use this service as their sole
>> > call termination service".
>>
>> As I said, thanks for pointing this out.
>>
>> Reading through their terms of service https://www.voip.ms/tosshort.php
>> ...
>>
>>
>> 1. ... The customer understands that VoIP.ms does not guarantee any
>> privacy on the communications through VoIP.ms. ...
>>
>>     The lack of privacy assurance was a little startling. I wonder if
>> that's an issue in this day and age. AFAIK, with landlines, there are
>> privacy protections built in. Further, if you cross into the U.S.A.
>> [voip.ms, or softvox, is Montreal, Quebec based, so I would hope not an
>> issue for Canadian source and destination calls], presumably one enters the
>> realm of the Patriot Act and is open to wiretapping. Hmmm.
>>
> 
> VoIP is not telephony.  VoIP is internet traffic.  In order to eavesdrop
> on a SIP call (non-SRTP) all you need is a packet sniffer and
> (in)appropriate network access from someone who is on the route.  A VoIP
> call is as secure as sending an e-mail.  Any device that you can imagine
> for trolling the internet for keywords can easily be modified to troll
> through VoIP calls as well.
> 
> I do not know of any VoIP providers that support secure RTP (SRTP)
> connections (which would only secure connections to/from the provider).
> Asterisk supports SRTP in the development version.  It should be
> available in version 1.8.  I do not know about FreeSwitch.  Various SIP
> phones support SRTP as well.  In the end, unless you trust/control both
> endpoints of a call, your VoIP call is not going to be truly secure.
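
An added example, not part of the original thread: a check of your own SIP INVITEs for whether the offered media is plain RTP (the non-SRTP case discussed above) or SRTP. It goes one step beyond the thread by also flagging SRTP whose SDES key (`a=crypto`, RFC 4568) travels over non-TLS signalling, where the key is as readable as the call would have been. The function names and the sample messages are constructed for illustration.

```python
import re

def sample(transport, profile, crypto=False):
    """Build a constructed INVITE; every address and key is a placeholder."""
    head = ["INVITE sip:bob@example.net SIP/2.0",
            f"Via: SIP/2.0/{transport} 192.0.2.10;branch=z9hG4bKconstructed",
            "Content-Type: application/sdp"]
    sdp = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10",
           "t=0 0", f"m=audio 40000 {profile} 0"]
    if crypto:  # SDES key line (RFC 4568); key material is a placeholder
        sdp.append("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDERKEY")
    return "\r\n".join(head) + "\r\n\r\n" + "\r\n".join(sdp) + "\r\n"

def audit_invite(message):
    """Return (signalling_transport, [(media, profile, verdict), ...])."""
    head, _, body = message.replace("\r\n", "\n").partition("\n\n")
    via = re.search(r"^Via:\s*SIP/2\.0/(\w+)", head, re.I | re.M)
    transport = via.group(1).upper() if via else "UNKNOWN"
    streams = []
    for line in body.splitlines():
        if line.startswith("m="):
            # m=<media> <port> <profile> <formats...>
            media, _port, profile = line[2:].split()[:3]
            streams.append({"media": media, "profile": profile, "sdes": False})
        elif line.startswith("a=crypto:") and streams:
            streams[-1]["sdes"] = True
    results = []
    for s in streams:
        if "SAVP" not in s["profile"]:
            verdict = "cleartext"          # RTP/AVP: audio readable on the path
        elif s["sdes"] and transport != "TLS":
            verdict = "srtp-key-exposed"   # SRTP, but key sent in readable SIP
        else:
            verdict = "srtp"
        results.append((s["media"], s["profile"], verdict))
    return transport, results

if __name__ == "__main__":
    for args in (("UDP", "RTP/AVP"), ("UDP", "RTP/SAVP", True),
                 ("TLS", "RTP/SAVP", True)):
        print(args, audit_invite(sample(*args)))
```

Even the "srtp" verdict covers only the hop to the next SIP server, which matches the point above that SRTP to a provider secures only the connection to and from that provider.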


