Archive for the 'Voice Over IP' Category

Hacking Vonage: How To Eavesdrop On Calls

Posted in Voice Over IP on July 10th, 2006

Vonage’s subscriber growth has exploded over the past few years, but how many of those customers realize how vulnerable their calls are to eavesdropping by third parties?

Vonage, like many other VOIP providers, uses SIP for call signaling and several RTP codecs for the audio portion. Vonage goes to great lengths to encrypt the configuration files used on the ATA adapters, but NO encryption is used on the audio portion of a call. Anyone with access to the RTP packets and the proper codec can monitor and record Vonage calls. This video tutorial walks you through the process of intercepting and monitoring Vonage calls on your network.

Watch the Hacking Vonage Tutorial

Do it Yourself Prerequisites:

  1. Windows 2000/XP.
  2. Access to the same IP Subnet as the Vonage Adapter.
  3. A working install of Cain.

The following diagram details the network configuration used for the tutorial.

Do It Yourself Free Caller ID Spoofing

Posted in Voice Over IP on January 6th, 2005

Spoofing Caller ID information for free is really simple these days. All you need is a few bucks and some open source software. The following steps should have you spoofing away in no time.

Click here for a free demo!


  • A working installation of Linux.

Installing Asterisk

- Login to your Linux system as user “root”
- Run the following commands to download Asterisk for free:

cd /usr/src
cvs login < --- Use anoncvs as the password
cvs checkout asterisk

- Run the following commands to compile Asterisk:

cd /usr/src/asterisk
make clean
make install
make samples

If you run into any problems with the Asterisk installation, consult the Asterisk Wiki for assistance.

Creating a NuFone Account

Fill out the NuFone Account Creation Form.

  • Choose IAX as the signaling type.
  • Choose “Pay as you go” as the plan.

After you complete the account creation process, you should receive an confirmation email from NuFone containing your login credentials.

Configuring Asterisk

- Login to your Linux system as user “root”
- Edit /etc/asterisk/extensions.conf and add the following lines to the end of the file. Be sure to substitute your own username and password!

exten => _XXXXXXXXXX,1,dial,IAX2/${EXTEN}
exten => _XXXXXXXXXX, 2, congestion() ; No answer, nothing
exten => _XXXXXXXXXX, 102, busy() ; Busy

Creating the Call File

To spoof Caller ID for free using this method, you will need to know the following three bits of information.

  • Your Phone Number
  • The Phone Number of the Person You are Calling
  • The Phone Number You are Spoofing

Create /tmp/ with the following lines. Remember to substitute your information for spoofnumber, yournumber, and callnumber. Please note that yournumber is the only one that requires a “1″ at the beginning.

Channel: IAX2/
Callerid: spoofnumber
MaxRetries: 5
RetryTime: 60
WaitTime: 30
Context: spoofing
Extension: callnumber
Priority: 1

Here is an example call file assuming the following details:

  • My Number is 404-222-2222
  • I want to call 404-333-3333
  • I want to spoof the Caller ID as 404-867-5309

Channel: IAX2/
Callerid: 4048675309
MaxRetries: 5
RetryTime: 60
WaitTime: 30
Context: spoofing
Extension: 4043333333
Priority: 1

Starting Asterisk

- Login to your Linux system as user “root”.
- Choose one of the following ways to start Asterisk. Don’t run both commands!
- Run the following command to start Asterisk in background mode:


- Run the following command to start Asterisk in CLI mode:

/usr/sbin/asterisk -c

Spoofing Caller ID for Free

Now that you have Asterisk installed, configured, and running, it's time to have a little fun with Caller ID.

- Login to your Linux system as user "root"
- Run the following command to initiate the spoofed Caller ID phone call:

cp /tmp/ /var/spool/asterisk/outgoing

- Asterisk will detect the call file and initiate an IAX call to your phone number. Once you answer the call, Asterisk will then dial the other number and bridge the two calls together.

Cautions and "Don't Try This At Home" Disclaimer

Spoofing Caller ID for free using a NuFone account certainly violates their Terms of Service and will probably get your account suspended or terminated. There may also be other legal issues with spoofing Caller ID, but I'm not a lawyer.