Healthy Paranoia Show 23: Phone Phreaking, Hacking and Fraud, Oh My!

That’s right listeners, you’re not in Kansas anymore! It’s time to follow that Yellow Brick Road to another episode of Healthy Paranoia. Today, we’ll be discussing phone phreaking, hacking and fraud, oh my! So we’re off to see the Wizard, the Wonderful Wizard of VoIP security, Patrick McNeil. Joining me over the rainbow for this trip to the Emerald City is Good Witch of the North Amy Arnold, and our very own Mayor of the Lollipop Guild and network architect Andrew Gallo. I’ll be your host, the Great and Powerful, Mrs. Y. You’ll hear the Tin Man get a heart, the Lion will find some courage and Senior Management will finally get a brain.

In this episode, we cover:

  • Overview of VoIP protocols – H.323, MGCP, SIP, RTP, RTCP, Skinny
  • Bearer or data vs. signaling
  • Vulnerabilities of VoIP and TDM
  • Common attacks
  • Best practices for securing voice
  • MPLS is sexy?

Show Notes:

VoIP protocol listing: A glossary of VoIP protocols and standards

VoIP Protocols

Mean Opinion Score (MOS)



Dionaea Honeypot

sundayddr SIP scanning worm


H.323 vulnerabilities

Communications Fraud Control Association (CFCA)

Yet another parody film of Unified Communications


Wicked Witch of the PBX



Mrs. Y
Mrs. Y is a recovering Unix engineer working in network security. Also the host of Healthy Paranoia and official nerd hunter. She likes long walks in hubsites, traveling to security conferences and spending time in the Bat Cave. Sincerely believes that every problem can be solved with a "for" loop. When not blogging or podcasting, can be found using up her 15 minutes in the Twittersphere or Google+ as @MrsYisWhy.
  • layer4down

    Good show there, Mrs. Y!

  • NewListener

    I’m a new Packet Pushers listener, and it’s a good show. :)

    BTW I have a question: at about 54:24 Mrs. Y mentioned that she would not want to have VoIP and something else going through a firewall. What was that “something else”? English is not my mother language, and I cannot understand what she said.

  • akgallo

    Hi NewListener:

    Glad you enjoyed the show.

    The other thing Mrs. Y mentioned that she wouldn’t want going through a firewall is iSCSI – SCSI over IP – block storage. It can be more sensitive to minor problems on a network that other traffic doesn’t care about. In my experience, when possible, many people like to build dedicated, flat layer-2 networks for iSCSI.