Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Privacy Your Rights Online

Snooping on VOIP 141

Posted by michael from the nothing-better-to-do dept.
EvilAlien writes "SecurityFocus is running an article on a joint Justice Department and FBI filing to the FCC which asks for broader communications interception powers: FBI seeks Internet telephony surveillance. The move is very similar to the Lawful Access Consultation launched by the Canadian Government in August 2002. Both initatives discuss technological challenges and fears of communication "safe havens" for criminals on broadband services such as Internet, VoIP, and wireless services. Holes in existing legislation, such as Communications Assistance for Law Enforcement Act (CALEA), can provide unintended exclusions for services such as Free World Dialup."
This discussion has been archived. No new comments can be posted.

Snooping on VOIP More

Snooping on VOIP

Comments Filter:

  • Encryption? (Score:4, Interesting)

    by byolinux ( 535260 ) on Friday March 28, 2003 @09:00AM (#5614613) Journal
    What's the encryption like on VOIP? Would something like PGP be possible?

    • Re:Encryption? (Score:5, Informative)

      by bmongar ( 230600 ) on Friday March 28, 2003 @09:08AM (#5614646)
      Well there is PGPFone [pgpi.org]

    • Re:Encryption? (Score:5, Interesting)

      by Max Romantschuk ( 132276 ) <max@romantschuk.fi> on Friday March 28, 2003 @09:11AM (#5614657) Homepage
      What's the encryption like on VOIP? Would something like PGP be possible?

      In theory, the following applies... in practice I have no idea :)

      Since VOIP is transferred in IP packets and packets can be encrypted encryption should be possible.

      Since PGP is public key encryption and this is fairly standard there shouldn't be any problems there either.

      The real issue is that whatever the solution it has to be part of the standard... otherwise it's pretty meaningless, unless your dodgy friend also has a custom encryption solution, and then I guess one could tunnel VOIP through an SSH tunnel just as well.

      I suspect that VOIP technologies have incorporated encryption, but I'm not educated on the subject. Would someone care to fill in?

      • Re:Encryption? (Score:4, Interesting)

        by jackb_guppy ( 204733 ) on Friday March 28, 2003 @09:33AM (#5614742)
        Since it is packets.

        You can direct it though VPN or SSH tunnels to add another layer of encryption.

      • I suspect that VOIP technologies have incorporated encryption,
        I suspect that you haven't read the article:
        "Those phones don't have a lot of CPU power, so the communication between the two ends is not encrypted,"
        • True, but what about comms between the switch that the phone is attached to and the switch the other phone is attached to?

        • "Those phones don't have a lot of CPU power, so the communication between the two ends is not encrypted,"


          Avaya is currently the market leader in VoIP shipments, and even their oldest, first generation IP hardphones are capable of media encryption. The above is a pretty overblown generalisation...

      • Re:Encryption? (Score:1, Informative)

        by Anonymous Coward
        In http://www.fourmilab.ch/speakfree/unix/ it is stated at release notes of rel7.6 that AES is supported as encryption algorithm and pgp and gpg may be used in automatic key exchange.

    • Re:Encryption? - ULER (Score:2, Insightful)

      by mrmeval ( 662166 )
      Speak freely has IDEA encryption built in and the client can exchange session keys with PGP. I doesn't use a PGP IDEA key to DO the encryption, it generates it's own but once the key exchange is done with PGP. *poof* fbi still AS ALWAYS needs to get off their fat ass and drop this Ubiqitous Law Enforcement Rampage and do the HUMAN INTELLEGENCE that they get paid to do.

    • Re:Encryption? (Score:3, Informative)

      by Albanach ( 527650 )
      There is in fact PGP fone which does just that: Link here [pgpi.org] There's aslo SpeakFreely available here [speakfreely.org]. Both support secure encryption, so unless they really do ahve those factoring machines and we don't yet know it...
    • Encryption? Privacy? There's always VOMIT [xtdnet.nl]!

    • Re:Encryption? (Score:2, Informative)

      by pdjohe ( 575876 )
      Sure VoIP can be encrypted.

      However, encryption and decryption take time, and when using VoIP, LATENCY can be a big factor. A delay time of 250ms can be somewhat annoying and the term 'real time' communication is somewhat lessened.

      So the slower the en/decryption, the more delay time you would have no matter how big the pipeline between the two people is.

      I haven't tried PGPfone for a number of years, and computer speeds are quite a bit faster now. Maybe en/decryption time isn't much of a problem now. Wh
  • Let me guess. Previously known as French World Dialup. /Pedro
    • It looks pretty cool...

      I'm going to find a price for Cisco ATA 186s and Cisco 7960s.

      • Re:Free World Dialup? (Score:5, Informative)

        by PerlGuru ( 115222 ) <michael@thegrebs.com> on Friday March 28, 2003 @09:16AM (#5614674) Homepage
        There is a company I use called Vonage [vonage.com]. They provide you with a free Cisco ATA when you signup. You aren't renting it, you own it. You pay $10 for shipping (I got mine two days later) and your first month and your good to go. Has caller-id, three way calling, voicemail and some really powerful forwarding features that can make your phone bounce all over the place and then back to your voicemail with them. One draw back is they have a cancellation fee (about $39 I think). All in all, they have been great for us... it is our only phone now. Upstream requirement is 90kbs. And no, I don't work for them... just a satisfied customer.

        • Re:Free World Dialup? (Score:3, Interesting)

          by rixster ( 249481 )
          I use vonage as well. I live in the UK and my SO in NY. I get unlimited international (i.e. UK US) calling for 30 usd a month. Plus she can call me for the "cost" of a local phone call and the line is nothing short of excellent quality. OK - a few times they've had problems, but in the space of around 8 months I can only think of 2-3 times this has happened. It is definitely a fantastic server. (recommend me and get 40 USD free!!)
          • They now include Canada in the free calling area. No more international fees to call Vancouver. Yay! Oh, and the "virtual number" thing is cool. For an additional $4.99/mo, I can get a (916)xxx-xxxx phone number that routes to my home phone.

            Pretty cool setup.
        • Gotta agree with you here. I'm extremely happy with my Vonage phone as well. My *only* beef with it is that I live in a small town and the closest prefix I could get is for a town 20 miles away. So, this is no prob for distant relatives who'd have to dial the area code anyway, but my immediate neighbors haven't figured it out yet.

          "Yes, I have weird phone number. No, I haven't moved."

          BONUS INFO:
          I have yet to receive a solicitation on my Vonage line! WooHoo! Take that all you people with too much alum

  • Monitoring ? (Score:5, Funny)

    by koh ( 124962 ) on Friday March 28, 2003 @09:04AM (#5614628) Journal
    In other news, criminals are now able to use "cars", new transportation means that allow them to quickly escape after perpetrating crimes. FBI is looking for a way to monitor all cars in order to ensure security.

    This is getting boring. Really.
    • koh said...

      In other news, criminals are now able to use "cars", new transportation means that allow them to quickly escape after perpetrating crimes. FBI is looking for a way to monitor all cars in order to ensure security.

      That's not nearly as funny as some folks seem to think: I'd have modded it "insightful" myself. Witchfinder Ashcroft is almost certain to be looking into this very concern.

      And now for my prediction: The 2004 elections will be postponed for security reasons. You heard it hear first.

  • Time to revive pgpfone? (Score:3, Informative)

    by mstockman ( 188945 ) on Friday March 28, 2003 @09:04AM (#5614629)
    Won't people who value their privacy (which, sadly, may also include criminals) just revive a project like PGPfone [pgpi.org]? I don't think it's been updated in a while, but the source code is still there...
    • Better yet, there should be a cheap implementation of a Pgpphone device in hardware.

      /Pedro

      • There are encrypted landline hardware phones. PGPfone is just software encryption for a landline call (i.e. no IP involved). Encryption of VoIP is trickier.
        • Yes there are. But they are either expensive or castrated or both.

          /Pedro

          • This is very true. But the same can be said for just hardware encryption of any kind. I think DES is as secure as you can get on a chip. Even then, they cost $50 or so. Secure encryption doesn't need tons of processor power or memory, but there isn't demand for it. The phones would inevitably be even more expensive than a general purpose encryption device--they have to do encryption in "real-time." Doesn't sound trivial to me, which is probably why you have GSM phones using vocoder (i.e. speech invers

  • What would they do if.. (Score:5, Interesting)

    by 3.5 stripes ( 578410 ) on Friday March 28, 2003 @09:07AM (#5614641)
    people used ssh to tunnel their calls (assuming it's possible), or made calls over VPNs?

    • Re:What would they do if.. (Score:4, Informative)

      by pesc ( 147035 ) on Friday March 28, 2003 @09:31AM (#5614735)
      ...people used ssh to tunnel their calls (assuming it's possible), or made calls over VPNs?

      They would use traffic analysis. This allows you chart how the criminal networks are organized. There have been several convictions in Sweden where criminals used mobile phones during their crimes and traffic analysis provided the needed evidence. Traffic analysis has several benefits; it is very easy to automate it in computers (compared to having computers that actually analyze the spoken content), it is cheap (very little data is produced), and it doesn't matter if the content is encrypted or if you can't break the encryption.

      Sometimes (when I'm feeling paranoid) I think there is a grand conspiracy from FBI, NSA, etc. They talk about encryption, make half-hearted attempts to ban it, etc. So that people in general think they are secure once they encrypt their communication. And then they can use traffic analysis to watch over the general public. ;-)
      • How exactly does traffic analysis help them have any idea what I am talking about on my phone. I think encryption is an excellent idea.
        • How exactly does traffic analysis help them have any idea what I am talking about on my phone. I think encryption is an excellent idea.

          Maybe they don't, but it can be interesting anyway. And when they find interesting stuff, they can direct other types of surveillance on you. And in the end, break the crypto using knuckle-breaking ;-)

          How does encryption protect you with this example:

          From: diablobynight@slashdot.org
          To: sales@al-qaida-store.af
          djfwkjef kwbvwkev bwiweviwuegfwi eufgwkefb wkjefbwiuev
          wejfhk we
          • that is the worst example I have ever seen and if our criminals are dumb enough to have traffic directly to a company named as such, then they are dumb. But notoriously they use front companies, like shipping companies to purchase goods. then it's From:diablobynight@slashdot.org To: sales@internationalshipping.ath.cx
            • Typically you would combine traffic analysis with another type of surveillance resulting in a scenario like:
              Hmm, the last two times that diablobynight has run out of money only to mysteriously get some more there was an encrypted email from him to sales@internationalshipping.ath.cx in the preceding day. This internationalshipping.ath.cx warrants further investigation.
      • Just to blue-sky here...

        What if you used stego on your own streaming media? Two porn feeds later, and you have a fairly secure(?) conference call.

        It'd at least slow them down.

    • SSH is too far up the protocol stack - if you're going to wrap encryption around an unencrypted VOIP stack, IPSEC is the right layer to work at. There's still a bit of weirdness there (Cisco's cRTP Compressed RTP implementation doesn't work over IPSEC, unless they've updated it recently, so you need to use uncompressed headers, which inflates packets sizes a lot), but it's better than doing Layer 4/5 solutions.

      The right choice is to build the encryption into the VOIP protocols themselves, which the initia

  • farming in 84 (Score:5, Insightful)

    by Syncroswitch ( 656450 ) on Friday March 28, 2003 @09:08AM (#5614651)
    In other news, orwell rolled over in his grave today, as a confused nation scrambled to hand over their individual freedoms for the sake of percieved security.

    Do not surrender your freedoms, granting increased voip snooping is just one more step to a totalitarian nation, where we justify acts like pre-emptive wars, racial profiling, internetwide snoop network with evil McCarthy databases,...

    Oh shit it already happened...

  • ipsec (Score:1)

    by sabri ( 584428 )
    I really wonder how they will sniff ipsec't packets..
    • In the long run, I think the answer is.... it doesn't really matter.

      While it varies from country to country, getting a wiretap authorized, placed, monitored, and reported on is a big expense, and a big manpower drain.

      I've dealt with the cops on a couple of incidents. Unless you're talking about a really big case, where someone's been killed, or massive thefts, you're lucky if one agent has more than a few hours to look into it.

      Unless you're a creep on the level of Bernie Ebbers or Martha Stewart, it jus

  • Wouldn't you want your VoIP encrypted anyway? (Score:5, Insightful)

    by Kjella ( 173770 ) on Friday March 28, 2003 @09:23AM (#5614699) Homepage
    Seriously. I know most people send postcards (e-mail) and not letters (encrypted e-mail) but wouldn't you at least do a simple public key exchange for VoIP? I feel I have much more privacy in a phone call than I do on an unencrypted Internet chat that is being relayed through a bunch of unknown servers.

    Even the simplest of key exchanges would stop any eavesdroppers, and making a man-in-the-middle attack requires so much more work, not to mention being detectable if verified through a secure channel.

    That being said, I can understand the law enforcement agencies. It's not like it's the difference between a postcard and an envelope - it's the difference between a postcard and an indestructable envelope. Giving the police special permissions (e.g. to open your letters with a court order) doesn't work well in a world where encryption is in black and white - secure and insecure. Escrow keys and stuff like that to make it work like in the "real world" doesn't work well either.

    Personally, I think I'd just write a AES wrapper if I'm busy planning to Take Over The World(tm Pinky & the Brain). Either that or I'll just send some PGP'd blueprints over freenet through a proxy from a webcafe wearing gloves or something ;)

    Kjella
    • I might be wrong, but I thought VOIP traffic was primarily UDP, not TCP. TCP is used for the call setup and teardown, but the actual stream of voice pakets is UDP for speed's sake.

      With UDP, you don't mind losing a packet or two to network congestion (and the voice stream comes through with garbled for half a second.) The idea is that if your network buffer (or stack) fills up, the UDP packets are thrown away first. I can't see encryption being speedy enough. I could very well be wrong.

      But to me, encryp

      • Oh heavens no... Avaya offers a 104 bit version of blowfish encryption on their VoIP solutions today, and it adds roughly 3ms of latency to each end of the conversation.

        Now, if you planned on doing new IKE s every 10-15 packets as with SSL, then you'd run in to more problems, however what AV does today with VoIP encryption is prefectly workable and causes no noticeable affects on the call.

        D

        • Thank you. I did not know that, and it might very well come in handy. Where I work, we will be investigating a VOIP solution this coming year. My boss went to a dog and pony show by Avaya, and was pretty impresed. We were less impressed with the Cisco + SBC solution. It is reliant on a Windows 2000 server and only integrates with MS Outlook (we are a GroupWise shop).

          Can you imagine how happy our clients would be if the VOIP call setup server got last week's WindowsUpdate WebDAV patch?

          Gad.

      • I might be wrong, but I thought VOIP traffic was primarily UDP, not TCP. TCP is used for the call setup and teardown, but the actual stream of voice packets is UDP for speed's sake.

        You're partially right. The sound data is indeed carried over UDP, almost always encapsulated by a UDP-based protocol called RTP (Real Time Protocol). RTP can also carry other time-based media like video.

        There are 2 mail competing standards for call setup and tear-down:

        • SIP - Session Initiation Protocol - Which can be carr
    • Encryption for RTP is past IESG last call in the form of SRTP. Beyond that there's the problem of how to rendezvous. For SIP and MGCP, there's currently no widespread way of signaling the SRTP parameters in SDP. There's both MIKEY and draft-baugher-mmusic-sdpmediasec-00.txt which extend the semantics, MIKEY being rather heavy duty and draft-baugher being more direct and to the point. MIKEY allows the SDP announcement to be encrypted itself, whereas draft-baugher relies on either transitive trust through int

    • it's the difference between a postcard and an indestructable envelope. Giving the police special permissions (e.g. to open your letters with a court order) doesn't work well in a world where encryption is in black and white - secure and insecure.

      You have a point here, but if the police had just cause, couldn't they get a search warrant and get the key(s)? The way I understand encryption, it would work like this:

      • The police get permission for a "wiretap" and log all the suspect's VoIP related traffic.
      • Th

  • P2P VOIP? (Score:3, Insightful)

    by rickthewizkid ( 536429 ) on Friday March 28, 2003 @09:24AM (#5614706)
    What if the VOIP program was directly from my computer to the other party's computer with no "central server" as such that all the traffic flows through. As I see it, CALEA is only feasable on systems such as POTS or cellular where all calls go through a switch of some sort. If one were to set it up so that my computer talks directly to your computer over an encrypted link (maybe with SSL etc) there is no central switch to be compromised...

    Of course, one can always use a pay phone. Cash still works.

    Just my please-deposit-nintey-cents-for-the-first-three-mi nutes'-worth
    RickTheWizKid
    • But I guess if you wanna speak to some of your Al-Qaeda buddies in Afghanistan thru VoIP there aren't many routes your packets could take if you use a public network like the Internet...
      If you wanna go private you'd still have to use some sort of public access network unless you've got so much money that you might as well run for president and do your dirty deads legal...
    • This is actually how SIP ends up communicating. I have set up a number of the Cisco 7960 phones running SIP software and what acutally happens is this:

      Message sent to central sip server saying 'where is ext 1000'
      (or whatever number you dial). Sip server comes back and can say 'no idea where that is', or provide a referal to another ip/dns name. The underlying request can look like 267@204.42.254.14 or 90753@iptel.org for example. Once it finds a positive answer for the lookup, it uses information conta

    • Re:P2P VOIP? (Score:2, Interesting)

      by jmagar.com ( 67146 )
      VoIP is Point to Point already for on net calls. If you leave to the POTS them you are working with a media gateway in the middle.

      CALEA works on the call manager. Heres a quick and dirty run down:
      1)You pick up the phone
      2)the MTA (you IP phone) sends an off hook to the call manager
      3) the call manager send back dial tone.
      4) you dial
      5) the call manager hunts for a route either on net of to the SS7 network
      6a) if on net the call manager send ring to other MTA
      6b) if off net call manager send ring over SS7 (POT
      • www.asterix.org. Someone already did :)

        Regards,
        Tim.
      • Cisco CallManager does not support SIP. It uses skinny (SCCP) to talk to Cisco IP phones and telephone adapters. It uses megaco (MGCP) to talk to Cisco IOS gateways, and vanilla H.323 for other ones.

        Cisco does make SIP products, but they are for use with their SIP Proxy Server product or third-party SIP proxies.

        Ciao.

        Pat

        • Actually the BTS 10200 is a telco grade Call Manager. I don't know their PBX line of cisco IP phones. The BTS is designed for SIP and for enabling any MGCP or SIP MTA, it is essantially a CLASS 5 switch for VoIP, some crazy number like 20,000 call setups per second. I know that this is being used for TWC to offer VoIP on the Road Runner cable modem network.
          • Cool man! I wasn't aware they made a telco-capable softswitch product. (and I work for a telco, the one with the blue logo and the swirly)

            -Pat

  • And non-criminals (Score:3, Interesting)

    by truthsearch ( 249536 ) on Friday March 28, 2003 @09:26AM (#5614716) Homepage Journal
    "safe havens" for criminals

    Us non-criminals can't have a safe haven either? Thanks.

  • Remember when ... (Score:3, Interesting)

    by wytcld ( 179112 ) on Friday March 28, 2003 @09:32AM (#5614741) Homepage
    Remember when we used to have sigs that included keywords that were designed to attract the attention of spooks using Echelon to monitor e-mail traffic? Well, we can easily add recorded voice clips to the end of our VOIP calls to similar effect. Go to the library, check out a book of war poetry, and start recording those keyword-rich sound bites. Or select passages from Gravity's Rainbow.

    Hmm, we could put this stuff on our answering machines too. As a way of supporting America's martial spirit, of course.
    • ...still in emacs, anyway.
      (Standard M-X Spook word list follows)
      Go ahead, put the whole list in your sig.
      Cheers,
      Jim

      $400 million 1 October 15 May 17 November 3rd October ACLU ADF AES AIDS AIIB AK-47 ALIR ANO ARD ARN ASALA ASG Abu Nidal Abu Sayyaf Aceh Merdeka Aden-Abyan Ahl-e-Hadees Air Force One Al-Fatah Al-`Asifa Alamo Albanian Alex Boncayao Brigade Alliance of Eritrean National Force Alliance pour la resistance democratique Allied Democratic Forces American American Airlines Amn Araissi Arab Revolutionar

  • Sigh...the only tech needed. (Score:5, Insightful)

    by siasl ( 541853 ) on Friday March 28, 2003 @09:33AM (#5614744)
    We can give up all our remaining freedoms but the only "tech" a "terrorist" really needs is the commitment to die for their cause. How do you 100% guard against that? I fear for our children's children.
    • It's much harder to stop someone who's willing to die for their cause - does that mean we shouldn't even try? That's sort of like saying that some people are going to die in traffic accidents anyway, so why bother with seatbelts and airbags?

  • Orwell was wrong. (Score:4, Informative)

    by the_other_one ( 178565 ) on Friday March 28, 2003 @09:35AM (#5614756) Homepage

    He was completely off by about 19 years.

  • Sounds like its time for the geeks of America to unite and do something. Reading stories like these make me feel lucky that I live in Europe. I Feel sorry for u people.
    • so what, you think the fbi etc are only going to monitor americans?????
      good luck with that one....
    • I also live in Europe and I can tell you i am not happy about. All that the EU does is to copycat America and it's laws, it may take some time (6 to 12 months generaly) but Europe will be watching... and doing the same.

      DMCA and others have proven it...

  • perhaps i'm just naive or ignorant, but how would the government being able to snoop on a voip call be any different from a wiretap on your hard line phone? it would have the same effect, and i'm assuming that if the government were allowed to snoop on voip calls, they would be subject to the same guidelines that they have to follow when tapping a regular phone line. can someone with more information clarify please?
    • It wouldn't be different, the legal process would be the same, etc.

      The real question is whether the company operating the service has to comply with CALEA, which among other things requires the provider to create/maintain infrastructure to supply Law Enforcement Agencies (LEAs) with information like the following (when requested via a warrant, that is):

      • Content of subject-initiated conference calls -- An LEA will be able to access the content of conference calls initiated by the subject under surveillanc

  • I'll take terrorism over totalitarianism (Score:5, Insightful)

    by leereyno ( 32197 ) on Friday March 28, 2003 @10:03AM (#5614916) Homepage Journal
    The law enforcement community has been begging for the unrestricted right to spy on the american people for some time now. I don't know about the rest of you, but I'm much more fearful of government agents with gestapo-like powers than I am of deluded wackos from the 3rd world. The intelligence community already spies on the rest of the world, which is where the threat is coming from. That should be enough. If not, then that is what our military is for, to defend the country against our enemies...which are OUT THERE, not HERE. I'd rather have terrorists over to my house for dinner three nights a week than see law enforcement aquire unnecessary powers that are a greater danger to the public than the terrorism they are purported to prevent.

    The abundance of those who would trade freedom for the temporary illusion of security are proof positive that 50% of the population is of below average intelligence.

    • Too bad not all deluded wackos are from the third world. You really think there aren't plenty of them here too? Ever hear of domestic terrorism? I don't think the executive branch should have unrestricted intercept rights either, but OTOH, I just don't think your argument holds water.

      TimeZone

    • If not, then that is what our military is for, to defend the country against our enemies...which are OUT THERE, not HERE.

      Eric Harris
      Dylan Klebold
      Timothy McVeigh
      Bufford Furrow
      Randall Terry

      Any of those names ring a bell? They're all white guys who've committed terrorist acts on US soil. (Well, Terry excepted -- he's more like the local Imam, the guy who talks others into it on religious grounds.) McVeigh was part of our worst terrorist act prior to 9/11.

      Scary thing is, the same people passing laws t


  • I wonder if it would be plausible to get these guys to cease-and-desist under the DMCA.

    IANAL, but I kinda doubt it, but it's nice to dream about, no?

  • If you're interested... (Score:4, Interesting)

    by GeorgeH ( 5469 ) on Friday March 28, 2003 @10:29AM (#5615110) Homepage Journal
    You too can listen in to VOIP with voice over misconfigured internet telephones [xtdnet.nl] or vomit for short. It only works for Cisco IP phones, but I hear that this Cisco company may become a medium to large business in the networking industry.
  • Both initatives discuss technological challenges and fears of communication "safe havens" for criminals on broadband services such as Internet, VoIP, and wireless services.

    The way things are going, that should read: "safe havens" for dissidents...

  • Excellent timing yet again for an article related to something I wanted to ask this crowd about.

    I just moved into a new office, and the customer left behind a detached Cisco IP phone tossed in the corner. What free software options do I have to put this puppy into service? Best I could find so far was that I need to run Cisco CallManager on the network. I was hoping to find that the proprietary protocol has been cracked and is supported by Gatekeeper or something. So far, no such luck.

    This unit is a 12 SP
    • Well, With out knowing exactly what type of phone it is, I would assume it is h323 compatible. So you should be able to dial (by IP) anyone who has a H323 compliant device (ie netmeeting). You need to run a VoIP gateway in order for traffic to be sent to the internet... or even through your lan. Free h323 software is at available at openh323.org

      I use H323 as an intercom system within my house.
    • There's a linux software, called * (www.asterisk.org) that supports sip,h323,pstn,isdn,pri(E1,T1). you can plug the cisco phone to it and use * as gateway or so. We're using it in our office and rocks.
  • VoIP already stresses the networking and hardware limits in order to provide the "quality" that they do now. Many people think that encryption is a solution, but I don't think it is right now. PGPphone is NOT VoIP, but software encrption for the landline telephone network (i.e. audio encryption). But adding encryption to actual VoIP would lower the quality of service considerably. Ever try using VoIP over VPN? It is really bad. You can use google to find articles about how to turn VPN off for just VoI
    • PGPphone is NOT VoIP, but software encrption for the landline telephone network (i.e. audio encryption).

      I'm not so sure this is accurate. I've used PGPFone cablemodem to cablemodem, and it works fine, great in fact. The sound quality is much, much better than, say, TeamSound, for example. For the time being I'm too lazy to look up the exact definition of VOIP (is it a protocol, or is it just a general term for voice communications over the internet), but no, PGPFone isn't restricted to modem-to-modem u

      • Actually, the PGP manual says:
        "Internet calls are also supported. We created PGPfone to allow private conversations between
        people. The initial release of PGPfone accomplished this by encrypting phone calls between two people via their modems, with a direct connection between the two people's modems, using only the phone system as the intermediary. But popular demand has driven us to add the capability of sending the data stream over the Internet, instead of just the phone system. This feature allows for che
    • If you've got problems with VOIP quality when you're using a VPN, the problem isn't the encryption, it's the rest of the system. It's only bad if it's done badly. The encryption itself isn't the problem - it's much less CPU work than voice compression, even with something slow like 3DES. If encryption were handled by the VOIP system, instead of tacked on by a VPN, it wouldn't be a problem at all.
      • Headers - For most VOIP systems, the compressed voice isn't very big - it's smaller than the RTP and IP heade
  • The only protection against eavesdropping is strong end-to-end encryption. We got the ECPA (86 - US) shoved down our throats so cellular companies could claim their systems were "protected" from unauthorized monitorin without having to actually spend money on embedding crypto hardware in subscriber units.

    CALEA was just a pitiful attempt to keep LE agencies from having to spend big bucks on upgrading their monitoring hardware.

    If an individual, organization, government agency, or other entity wants to mon
  • Ofcourse we should be worried about terrorists using Voice Over IP, because I'm sure that Bin Laden has a computer in that cave of his and Hussein has a better knowledge of computing than Linus Torvalds (heaven forbid lol)... Seriously though, I think this is just another excuse for the larger government agencies to have a better grip on the people of their country, take Echelon or Carnivore for example... Both made for security but at the cost of many individuals privacy. I'm not necessarily against more p
  • I just replaced my home phone with a voip phone from packet8.net [packet8.net]. I also considered vonage.com [vonage.com]
    Am I to understand then, that currently law enforcement could _not_ get a wiretap order to listen in on my calls? Being a privacy advocate I like this very much, maybe a temporary solution for criminals everywhere. FYI vonage uses cisco ATA's but packet8 has a proprietary solution. I hope that when people listening in on voip calls becomes more common place they upgrade to an all encrypted system.
    Then all we'd n
    • Assuming you're using a VOIP-to-telephony gateway in the US, various sets of police could probably get a wiretap order now, but they'd have trouble implementing it, because the connection to your home isn't the kind of equipment they're good at wiretapping. If they did a tap at Vonage's gateway, that part is a shared trunk from their VOIP routers to a telco, so there isn't a convenient relationship that says that "Line 3 is Doug Naka's phone". They could tap _all_ the lines, and only keep the ones they r
  • This is just another job for good encyption.

    It's a done deal.

  • Free World Dialup has been called "Napster for Phones." It's a free service aimed at developing Internet telephony as a mainstream alternative to the public switched telephone network.

    WTF?!? Is anything that does not pass through a "normal" distribution channel now comparable with Napster? Other than using a computer network, how is VOIP anything like Napster?

    It seems like journalists love to compare things with Napster just to give those things an slight taint of naughtiness.

  • that the public accepts reasons like this as valid; the only reason wiretaps were allowed in the first place was because it made sense in some situation.. like
    "Hey, we are trying to solve this here crime, and we think this guy is using thsi here phone, can we listen in? OH cool."

    Now the ability to snoop has become a feature that must be present or the government has a fit.

  • FYI,

    Jeff Pulver is a great guy to network with in the SIP VoIP industry.

    The German's also have a similar site to Jeff's at iptel.org. The iptel.org Web site appears to have over 65,000 accounts. They are working on SIP Instant Messaging and Presence Leveraging Extentions (SIMPLE) server infrastructure that could give the Microsoft RTC a run for its money.

    There are plenty of providers or carriers that provide SIP services here are a few.

    Business Grade:
    1) Worldcom
    2) Webley
    3) Denwa

    Consumer Grade:

Slashdot Top Deals

HELP!!!! I'm being held prisoner in /usr/games/lib!

Close