Sign up
 Vonage  

       
 
Vonage Forum Menu

Vonage Forums
Vonage VoIP Forum
tplink Posted:
Im trying to add
my HT802 vonage
adapter to my home
network. I
currently have
...

In The Forum:
Hard Wiring - Installation
Topic:
Vonage behind switch
On Dec 05, 2016 at 06:35:11

DWSupport Posted:
After recent
Vonage update that
took place on the
4th and 5th of
Nov. E-mails with
...

In The Forum:
Vonage
Topic:
Voicemail Not Forwarding to Outlook Accounts
On Nov 10, 2016 at 12:23:26

peterlee Posted:
Had a call from a
Hospital in Ajax,
Ontario to my home
in
Scarborough, Onta
rio
...

In The Forum:
Vonage Canada
Topic:
Hospital Incoming call unable to connect
On Nov 08, 2016 at 11:59:50

TELLDOUG Posted:
I am looking for a
product that will
make my phone ring
louder so I can
hear using
...

In The Forum:
Vonage
Topic:
Looking for a ringer ameliorate
On Oct 26, 2016 at 09:21:30

HildBeft Posted:
You can recollect
password by
connecting the
router to your pc
and open the
browser
...

In The Forum:
Hard Wiring - Installation
Topic:
How to arrive at wifi password?
On Oct 20, 2016 at 05:05:49

HildBeft Posted:
Great tips..
Thanks for sharing
...

In The Forum:
Hard Wiring - Installation
Topic:
How to have Vonage and another land line?
On Oct 20, 2016 at 04:55:03

massrman Posted:
The devices are
available at
different price
margins , please
share your
estimated
...

In The Forum:
Vonage
Topic:
IP PBX for small business
On Sep 30, 2016 at 00:48:03

massrman Posted:
Hi these are most
commonly used SIP
PBX interops and
their
configuration
guides,
...

In The Forum:
Vonage
Topic:
IP PBX for small business
On Sep 30, 2016 at 00:37:45

Sammy00 Posted:
Has anyone setup a
W52p phone for
vonage? I have
a W52p with two
wireless handsets,
...

In The Forum:
Hard Wiring - Installation
Topic:
W52p Setup
On Aug 30, 2016 at 10:38:01

James44 Posted:
Hi, I am
looking for a good
Sip Trunking
provider in
Canada. they
should offer
...

In The Forum:
Vonage
Topic:
A good sip trunking provider
On Jul 17, 2016 at 23:42:46


Vonage VoIP Forums

Vonage In The News
Vonage Holdings Corp. Reports Fourth Quarter and Full Year 2013 Results

Carolyn Katz Elected to Board of Directors of Vonage Holdings Corp.

Syndication

Vonage Customer Reviews
Vonage vs. Time Warner Cable SoCal
Vonage vs. Time Warner Cable SoCal



Vonage UK Review
Vonage UK Review



Vonage Pros and Cons for 2006
Vonage Pros and Cons for 2006



Vonage, a VT2142 and a RTP300, My Experiences - A Detailed Review
Vonage, a VT2142 and a RTP300, My Experiences - A Detailed Review



Salt Lake City: impressions after several months
Salt Lake City: impressions after several months




Vonage Reviews


Post new topic   Reply to topic  Vonage® VoIP Forum - Vonage News, Reviews And Discussion » Vonage Forum Archive
Author Message
GardRailz
Full Forum Member
Full Forum Member


Joined: Jan 30, 2005
Posts: 73
Location: WV

PostPosted: Thu Feb 17, 2005 9:26 am    Post subject: Security: Lack of response from customercare... Reply with quote Back to top

What's the procedure to cancel the service, just call the main number and say i want to cancel?

I'm not terribly impressed with customercare@vonage.com. I had some valid security concerns that I brought up with them, and yet... All I get is an automated response... I find it highly disturbing that phone personnel state that Vonage is just as secure if not more so than a standard POTS line. Sure, telephones can be tapped, but there are procedures to go about doing it when the tap is done within the POTS cloud. with Vonage, any person that knows what a sniffer is, can fire up ethereal, or other capture utilities and rebuild the voice conversations, or snoop and see what phone numbers you are calling. I've brought this up in the forum, and contacted Vonage support... the only response I got was from the forum admin, who is by far the most responsive and knowledgable individual i've run into with Vonage.

http://www.vonage-forum.com/ftopic2759.html
http://www.vonage-forum.com/ftopic2781.html

If you click on my name, and view the post count and content, you'll see at first I was really gung-ho about this; very excited to work with this technology... then it all tapered off... Sure it's more expensive to have broadband AND telephone service, but at least you don't have to worry about your ISP sniffing your phone conversations, or keeping tabs on you. Yes, I'm paranoid; I do this for a living, and know what happens when sniffers and intrusion detection systems are in place... Privacy is invaded.


I thought Vonage would be able to save me money, and offer a similar level of security as a hard-wired phone. It turns out it can save you money, but at the cost of your privacy. These concerns can only be addressed either by setting up a lightly encrypted tunnel that the voice and SIP information can travel, OR switch the entire system over to SRTP instead of RTP.


Last edited by GardRailz on Thu Feb 17, 2005 5:01 pm; edited 2 times in total
View user's profile Send private message
Martlet
Vonage Forum Master
Vonage Forum Master


Joined: Feb 13, 2005
Posts: 206
Location: Boston

PostPosted: Thu Feb 17, 2005 9:53 am    Post subject: Reply with quote Back to top

Anyone taking the time and energy to rebuild and listen to my conversations is going to be sadly disappointed.
View user's profile Send private message ICQ Number
GardRailz
Full Forum Member
Full Forum Member


Joined: Jan 30, 2005
Posts: 73
Location: WV

PostPosted: Thu Feb 17, 2005 10:01 am    Post subject: Reply with quote Back to top

Martlet wrote:
Anyone taking the time and energy to rebuild and listen to my conversations is going to be sadly disappointed.


That's where you're mistaken, if Vonage is your only service, or you mistakenly communicate credit card or other privacy-act information via it's service. Yes, there's a lot of data that is sent, but depending on the amount of conversation that happens, one minute of conversation is ~ 1MB of raw captured data. With hard-disk storage technology and compression, hundreds of minutes of conversation can be captured and reviewed at a later date.

Better yet, it could be triggered based on the phone call... if you call your bank, someone could kick off an automated capture and gather information about your banking habits, or what not.

What if you call a company to order PC parts, or other equipment via the phone. You have to provide a method of payment which typically includes a credit card number, expiration date, and potentially the code on the back of the credit card (the security number).

With all that information, and the ability to actually play back your voice providing that information, who is to stop individuals from making fraudulent purchases with your financial data?

Why do you think banks require https encryption for that data, should not voice communications go through the same process? I do this for a living, I know what I'm talking about. I'm not taking this personally, I'm just trying to make sure people are aware of the dangers associated with unencrypted data communications.

Heck I can demonstrate how easy it is to capture conversations, or decode AIM messages, or even to show you how easy it is to decode your webpages you surf and display them via a simple perl script, and tcpdump (or other libpcap compatable capture program).

This is a serious matter that Vonage needs to consider if they want to continue to grow, and compete with traditional telephone service.
View user's profile Send private message
Martlet
Vonage Forum Master
Vonage Forum Master


Joined: Feb 13, 2005
Posts: 206
Location: Boston

PostPosted: Thu Feb 17, 2005 10:04 am    Post subject: Reply with quote Back to top

Like I said. While this may be a concern for you, anyone that expends the time and energy to listen to my phone conversations is going to be sadly disappointed.

Do any Voip companies encrypt their service? Is it possible? How would that affect QoS?
View user's profile Send private message ICQ Number
seattlezoid
Vonage Forum Master
Vonage Forum Master


Joined: Jan 30, 2005
Posts: 156

PostPosted: Thu Feb 17, 2005 10:07 am    Post subject: Reply with quote Back to top

Maybe Maxwell Smart could loan you "The Cone Of Silence" Very Happy
Seriously, if security is very important to you mabe POTS is better for you.
As Voip is still fairly new, I'm sure that in the future encrypted lines will be avaiable. ( For more $) Lol
View user's profile Send private message
GardRailz
Full Forum Member
Full Forum Member


Joined: Jan 30, 2005
Posts: 73
Location: WV

PostPosted: Thu Feb 17, 2005 10:33 am    Post subject: Reply with quote Back to top

seattlezoid wrote:
Maybe Maxwell Smart could loan you "The Cone Of Silence" Very Happy
Seriously, if security is very important to you mabe POTS is better for you.
As Voip is still fairly new, I'm sure that in the future encrypted lines will be avaiable. ( For more $) Lol


True, and I'd be willing to pay more money. The thing that really pisses me off is an operator told me it was secure.

Edit:---

Oh, and by the way, when you access your banks website, do you want to do it over http, or https? They can charge an additional fee for that ssl certificate you know Wink


Last edited by GardRailz on Thu Feb 17, 2005 2:21 pm; edited 1 time in total
View user's profile Send private message
vonagebest
Vonage Forum Senior
Vonage Forum Senior


Joined: Jan 23, 2005
Posts: 86
Location: Edison, New Jersey

PostPosted: Thu Feb 17, 2005 10:41 am    Post subject: Reply with quote Back to top

As far as I know it is secure...You have SIP which initiates the call and then RTP stream carries the call and is supposed to be encrypted.

You might be able to get the data, but piecing it back together might take a long time. The social security issue might get resolved first. Smile
View user's profile Send private message AIM Address
kenn10
Vonage Forum Master
Vonage Forum Master


Joined: Jun 07, 2004
Posts: 196
Location: Kennesaw, GA

PostPosted: Thu Feb 17, 2005 11:50 am    Post subject: Reply with quote Back to top

Martlet wrote:
Like I said. While this may be a concern for you, anyone that expends the time and energy to listen to my phone conversations is going to be sadly disappointed.

Do any Voip companies encrypt their service? Is it possible? How would that affect QoS?


Twisted Evil I'm busily surrounding my house with lead and searching for hidden microphones. Maybe if I build a helmet of tin-foil, I can keep the aliens from reading my thoughts. Very Happy

I agree with you, Martlet, most of us just don't care. I order anything I want using SSL on my PC. Never give my account numbers over the phone anyway.

I guess I'm just not paranoid enough to suit everyone. I personally feel there is a much smaller chance of someone listening in on Voip than nosey phone people or government representatives tapping the wires of POTS. The imperial Federal Gov't will listen to whatever they want, if they want to, so why give a care. If someone is paranoid enough that their Voip call will be listend to, stay with POTS or stick to in-person communication.
View user's profile Send private message
GardRailz
Full Forum Member
Full Forum Member


Joined: Jan 30, 2005
Posts: 73
Location: WV

PostPosted: Thu Feb 17, 2005 12:09 pm    Post subject: Reply with quote Back to top

vonagebest wrote:
As far as I know it is secure...You have SIP which initiates the call and then RTP stream carries the call and is supposed to be encrypted.

You might be able to get the data, but piecing it back together might take a long time. The social security issue might get resolved first. Smile


If you'd like, i can provide a step by step demonstration of how easy it is utilizing free tools on the web... RTP is not encrypted, SRTP is the secure protocol.

My network configuration is as follows:
Code:

[cable modem]
            |
            | (eth0 public side)
  [linux Firewall]
            | (eth1 private side)
            |--------------------[vonage router]
            |
   |---------------|
   |                   |
[pc]               [pc]

on the linux firewall, i used the following command before making a test phone call to an automated weatherline (301)797-9797

tcpdump -i eth1 -s 1518 -w rtp.cap host 172.xx.yy.251

after issuing that command, I dialed the number, and listened on the line for ~ 6 seconds. I then killed the capture, and downloaded it to my local XP laptop.

After installing the latest version of ethereal, obtained from http://www.ethereal.com (http://www.ethereal.com/distribution/win32/ethereal-setup-0.10.9.exe) I opened the capture file by double clicking it....

After opening the file, the SIP protocol could be clearly seen, within the SIP protocol there's a handshake process, where the local device 'invites' the remote peer. This invitation looks like this:

Code:

No.     Time        Source                Destination           Protocol Info
      8 3.728364    172.31.31.251         216.115.25.57         SIP/SDP  Request: INVITE sip:13017979797@atlas4.atlas.vonage.net:5061, with session description

Frame 8 (1275 bytes on wire, 1275 bytes captured)
Ethernet II, Src: 00:12:17:de:d8:92, Dst: 00:02:b3:b3:0f:bd
Internet Protocol, Src Addr: 172.31.31.251 (172.31.31.251), Dst Addr: 216.115.25.57 (216.115.25.57)
User Datagram Protocol, Src Port: 5061 (5061), Dst Port: 5061 (5061)
    Source port: 5061 (5061)
    Destination port: 5061 (5061)
    Length: 1241
    Checksum: 0x03d3 (correct)
Session Initiation Protocol
    Request-Line: INVITE sip:13017979797@atlas4.atlas.vonage.net:5061 SIP/2.0
        Method: INVITE
        Resent Packet: False
    Message Header
        Via: SIP/2.0/UDP 172.31.31.251:5061;branch=z9hG4bK-c1eb8f36
        From: 443-541-3368 <sip:14435413368@atlas4.atlas.vonage.net:5061>;tag=a7c6b5b382060016o0
            SIP Display info: 443-541-3368
            SIP from address: sip:14435413368@atlas4.atlas.vonage.net:5061
            SIP tag: a7c6b5b382060016o0
        To: <sip:13017979797@atlas4.atlas.vonage.net:5061>
            SIP to address: sip:13017979797@atlas4.atlas.vonage.net:5061
        Call-ID: a579d7b7-c0cba5e2@172.31.31.251
        CSeq: 102 INVITE
        Max-Forwards: 70
        Proxy-Authorization: Digest username="14435413368",realm="216.115.25.57",nonce="424760

350",uri="sip:13017979797@atlas4.atlas.vonage.net:5061",algorith

m=MD5,response="350e71218a20c3af9b24c59a3276f2ff"
        Contact: 443-541-3368 <sip:14435413368@172.31.31.251:5061>
        Expires: 240
        User-Agent: 001217DED892 Linksys/RT31P2-2.0.12(LI)
        Content-Length: 426
        Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
        Supported: x-sipura
        Content-Type: application/sdp
    Message body


Both phone numbers can be clearly seen and is unencrypted. (this re-enforces my previous statement about individuals being able to capture based on phone numbers dialed) I could paste the actual text data contained in the RTP packets, but that would be useless considering it's audio data. This is how one would decode the data if one were to 'obtain a capture'.

1.) open up the capture file
2.) select the first RTP packet listed in the upper window (the window where a summary of the packets are listed) then click statistics in the menu bar, then select 'RTP' which is the fourth entry from the bottom. That menu will then expand into two additional options "Show All Streams, and Stream Analysis". Select stream analysis.
3.) Another window will pop up, with the name "Ethereal: RTP Stream Analysis", don't worry about the data contained in the window. Just look at the buttons down at the bottom of that window. Select the "Save Payload..." button, and specify a file name like "c:\file.au".

At this point, just double click the file (which is at the top of your C drive) and listen.

Congratulations, you just accessed unencrypted data, and have the ability to listen to any conversation you capture.


Here's a thread of an individual asking how to do what I just described: http://www.vonage-forum.com/ftopic2705-0-asc-20.html

and here's a url on ethereal's website which describes what to do with the capture once you obtain it:
http://wiki.ethereal.com/RTP

and here's a capture file that you can cut your newly developed RTP decoding teeth on:
http://vomit.xtdnet.nl/phone.dump.gz
View user's profile Send private message
kenn10
Vonage Forum Master
Vonage Forum Master


Joined: Jun 07, 2004
Posts: 196
Location: Kennesaw, GA

PostPosted: Thu Feb 17, 2005 12:30 pm    Post subject: Reply with quote Back to top

GardRailz wrote:
If you'd like, i can provide a step by step demonstration of how easy it is utilizing free tools on the web... RTP is not encrypted, SRTP is the secure protocol.



If you'd like, I can take you to the cross-box and show you how to put your butt-set on a pair of wires and listen. We know its un-encrypted. We know our POTS voice lines are unprotected. For every technology, there is some way to break it. Encrypted or not.

This is pointless to argue. Vonage CS personnel are not network engineers and I don't expect them to know about all this. You clearly do so why berate them about it?
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


All times are GMT - 5 Hours

Vonage Service Plans


Vonage VoIP Members
Members List Members
New leomt16
New Today 2
Yesterday 10
Total 99059

Who Is On Site
Visitors 108
Members 0
Total 108


Vonage VoIP Forum Members:
Login Here
Not a Member? You can Register Here
As a registered member you will have access to the VoIP Speed Test, Vonage Service Announcements and post comments in the
Vonage VoIP Forums

Vonage Stock Price
Value: 6.84
Change:   N/A
Up to 15 Minute Delay

Site Search
 






†AK and HI residents pay $29.95 shipping. ††Limited time offer. Valid for residents of the United States (&DC), 18 years or older, who open new accounts. Offer good while supplies last and only on new account activations. One kit per account/household. Offer cannot be combined with any other discounts, promotions or plans and is not applicable to past purchases. Good while supplies last. Allow up to 2 weeks for shipping. Other restrictions may apply.

1Unlimited calling and other services for all residential plans are based on normal residential, personal, non-commercial use. A combination of factors is used to determine abnormal use, including but not limited to: the number of unique numbers called, calls forwarded, minutes used and other factors. Subject to our Reasonable Use Policy and Terms of Service.

2Shipping and activation fees waived with 1-year agreement. An Early Termination Fee (with periodic pro-rated reductions) applies if service is terminated before the end of the first 12 months. Additional restrictions may apply. See Terms of Service for details.

HIGH SPEED INTERNET REQUIRED. †VALID FOR NEW LINES ONLY. RATES EXCLUDE INTERNET SERVICE, SURCHARGES, FEES AND TAXES. DEVICE MAY BE REFURBISHED. If you subscribe to plans with monthly minutes allotments, all call minutes placed from both from your home and registered ExtensionsTM phones will count toward your monthly minutes allotment. ExtensionsTM calls made from mobiles use airtime and may incur surcharges, depending on your mobile plan. Alarms, TTY and other systems may not be compatible. Vonage 911 service operates differently than traditional 911. See www.vonage.com/911 for details.

** Certain call types excluded.

www.vonage-forum.com is not an official Vonage support website & is independently operated.
All logos and trademarks are property of their respective owners. All comments are property of their posters.
All other www.vonage-forum.com content is © Copyright 2002 - 2013 by 4Sight Media LLC.

Thinking of signing up for Vonage but have questions?
Business and Residential customers can call Toll Free 24 hours a day at: 1-888-692-8074
No Vonage Promotion Code or Coupon Codes are required at www.vonage.com to receive any special,
best Vonage cheap deals, free sign up offers or discounts.

[ | | | | | ]

Vonage Forum Site Maps

Vonage | VoIP Forum | How VoIP Works | Wiring and Installation Page Two | International Rate Plans 2 | Internet Phone
Promotion | Vonage Review | VoIP | Broadband Phone | Free Month | Rebate | Vonnage | Vontage | VoIP | Phone Service
Phone | llamadas ilimitadas a Mexico | Latest News | VoIP Acronyms | Deal | Philippines Globe Phone | Site Maps

The Vonage Forum provides the Vonage sign up Best Offer Promotion Deal.
If you are considering signing up for Vonage and have found our Vonage News, Customer Reviews, Forums
& all other parts of this site useful, please use our Vonage Sign up page.


Vonage VoIP Phone Service is redefining communications by offering consumers
& small business VoIP Internet phones, an affordable alternative to traditional phone service.
The Vonage VoIP Forum Generated This Page In: 0.78 Seconds and 574 Pages In The Last 60 Seconds
The Vonage VoIP Forum