WordPress database error: [Duplicate entry '62552' for key 1]
INSERT INTO wp_bas_visitors (visit_ip, referer, osystem, useragent, lasthere) VALUES (644300604, 1, 745, 3655, '2008-10-11 19:53:32');

WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND referer = referer_id AND osystem = os_id AND useragent = ua_]
SELECT * FROM wp_bas_visitors, wp_bas_refer, wp_bas_ua, wp_bas_os WHERE visit_id = AND referer = referer_id AND osystem = os_id AND useragent = ua_id

WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' '2008-10-11 19:53:32', 0, 2404)' at line 1]
INSERT INTO wp_bas_log (visit, stamp, outbound, page) VALUES (, '2008-10-11 19:53:32', 0, 2404);

The Sys-Security Group » Blog Archive » Cisco IP Phones - The next easiest venue into your NACed network?
« More Hardware Issues with My MacBook Pro
An ‘A’ to Apple Support »

Cisco IP Phones - The next easiest venue into your NACed network?

VoIP, IP Phones, and the gear from Cisco always fascinated me. In the past I have published several advisories and papers regarding vulnerabilities and security issues I have found with the Cisco IP Phone gear.

Looking into how Cisco handles IP Phones with their NAC solutions caused me to raise some interesting questions regarding it.

The IP phones identify/authenticate to Cisco NAC solutions using CDP packets. These packets can be easily spoofed. Usually a computer will be hooked to the IP Phone. The IP phone would assign a different VLAN tag for traffic from the IP phone, and a different VLAN tag for the computer date. What if a hub is connected to the wall, the computer is disconnected from the IP phone and now is connected to the hub and uses the VLAN tag of the Voice VLAN? What if the computer spoof an “authenticating” CDP packet?

Not even mentioning the fact the IP phone can be disconnected and the computer may completely abused its MAC address and the special authentication way of it.

You get the picture.

This entry was posted on Tuesday, May 8th, 2007 at 11:01 am and is filed under NAC, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.