Saturday, December 15, 2012

Tracking an Internet User with VoIP

I started taking a closer look at SIP traffic last year, looking for areas to explore - especially information leaks. Of course, if you're receiving a VoIP call plenty of information leaks out: source and destination phone numbers, source and destination IP addresses, client versions, NAT traversal data (internal IP addresses), etc. But you're part of the call, so it's not particularly significant that you're getting some detailed technical information about the caller. But what about when you call someone else, or even just scan SIP services without establishing a call?