Monday, December 11, 2006

Nice article on VoWifi by Deb Shinder @ TechRepublic

Voice over IP (VoIP) technology allows companies to cut the telco cord and make phone calls over the internet.

Now, with VoIP over wireless — also called VoW, VoWiFi, wVoIP, and a number of other acronyms — organisations can cut all the cords. Numerous vendors are offering Wi-Fi IP phones that operate on the same 802.11 technologies used for wireless networks.

According to a study from Infonetics Research, sales of Wi-Fi IP phones will likely reach $3.7bn (£2bn) by 2009. The market already totalled more than $125m in 2005, and it's growing steadily, particularly in business fields that have many mobile workers. That includes people who work in hospitals and factories, on sales floors, etc.

Major consumer-level networking equipment makers such as D-Link, NETGEAR, and Linksys are also getting into the act, selling IP phones that work with their Wi-Fi routers. Enterprise-class vendors make IP phones that work with business WLANs and IP PBX equipment. FierceMarkets hosted the Wireless VoIP Executive Summit in November 2006, which addressed present and future wireless VoIP technologies and issues.

Many technology analysts think the wave of the future will be dual-mode mobile phones, which can function as IP phones on a Wi-Fi network where one is available (be it home, office, or public hot spot) or use cellular technology in areas where there's no Wi-Fi network. Either way, the phone would have the same phone number. Because costs would be low when using Wi-Fi, such a device could replace the landline entirely for many users.

Is your organisation ready for VoIP over wireless? Here's an overview of some of the technology's pros and cons.

Advantages of wireless VoIP
A big advantage of wireless VoIP is lower cost as compared to traditional cellular phone technology. Wi-Fi networks are already in place in many areas, and companies can deploy them quickly and inexpensively where they're not. People can use IP phones wherever an Internet connection is available, and VoIP call quality is rapidly improving — to the point where in many cases it's equal to or better than cellular.

If properly implemented and marketed, wireless VoIP could become as big a challenger to traditional cellular phones as wired VoIP is becoming to landlines. Major VoIP providers are already going wireless. For example, Skype recently added the ability to run its service on Windows Mobile devices.

Two big challenges
The concept sounds great: Combine the low cost of VoIP with the convenience of wireless networking. It's the logical next step in the move toward more cost-effective and mobile telephony. But there are a couple of major obstacles to implementation — reliability and security.

The reliability question
Most users are willing to tolerate some downtime and delays associated with computers and data networks. We don't expect to receive our email messages instantly, and if network glitches result in a few minutes' or even a few hours' delay in delivery, we don't think too much about it.

When it comes to voice communications, however, the public switched telephone network (PSTN) system has spoiled us. We expect the phones to work — every time. We expect high-quality transmissions. And we expect the connection to stay connected until we choose to disconnect.

The reliability question is the biggest reason that organisations haven't adopted VoIP more quickly. Because it's a real-time application, VoIP is more sensitive to packet loss and other networking problems than most data-oriented applications.

And wireless technologies add another layer of things that can go wrong. RF interference, range limitations, weak signals, and the like can cause a VoIP call to break up or disconnect. Performance and quality problems with a VoIP-over-wireless connection can originate with the network/bandwidth, QoS configuration, or the endpoints (handset or call server).

But tools are available to help troubleshoot VoIP performance problems. For example, enterprises can use AirMagnet's VoFi Analyzer to validate and watch quality of service (QoS) and monitor VoIP calls end to end.

Security issues
Wireless security concerns have kept many companies from implementing 802.11 networks on their sites, and it's as much of an issue for VoIP as for other applications that transmit over wireless. Because the VoIP packets travel across the airwaves, it's easier for an intruder or attacker to intercept them as they move across the network.

The same security threats exist for wireless VoIP as for wired VoIP — and then some. The same security mechanisms used for wired VoIP — such as IPSec encryption to protect the confidentiality of packets at the network layer, TLS encryption to protect session initiation and secure call traffic at the session layer, and Secure RTP (SRTP) to encrypt the media at the application layer — are all applicable to wireless VoIP as well. But companies need to take additional steps to secure the wireless link itself.

To secure wireless VoIP, organisations need to establish the right policies, use the right security protocols, and select the right equipment. Here are some tips:

Policies should prohibit "rogue" access points and ensure the authentication and encryption of all VoIP calls using wireless channels.
Wireless encryption should not be Wired Equivalent Privacy (WEP), which has many known weaknesses, but a stronger wireless encryption method such as Wi-Fi Protected Access (WPA).
When selecting IP phones, use "hard phones" that are less prone to viruses and attacks than "soft phone" software installed on a regular PC operating system, and choose phones that support strong encryption.

The next natural step in network convergence is the combination of VoIP and wireless networking technologies, which have the potential to dramatically lower the cost of anywhere/anytime telephone service. While there are some obstacles to implementing wireless VoIP — primarily issues of reliability/performance and security — there are steps companies can take to improve performance, increase security, and make VoIP over wireless a viable option for your organisation.

Friday, December 08, 2006

Linksys WIP330 Wireless-G IP Phone DoS Attack

A vulnerability has been identified in Linksys WIP330 Wireless-G IP Phone, which could be exploited by attackers to cause a denial of service. This flaw is due to an error when handling a full nmap port-range scan, which could be exploited by attackers to cause the "PhoneCtl.exe" application to crash, creating a denial of service condition.

Affected Products

Linksys WIP330 Wireless-G IP Phone firmware version 1.00.06A and prior


The FrSIRT is not aware of any official supplied patch for this issue.


Be alerted when new exploits, vulnerabilities, or patches related to this product are released. Subscribe to FrSIRT VNS.



Vulnerability reported by Shawn Merdinger


2006-12-07 : Initial release


If you have additional information or corrections for this security advisory please submit them via our contact form or by email to

Wednesday, December 06, 2006


Sangoma Technologies a leading provider of connectivity hardware and software products for VoIP, TDM voice, WANs and Internet infrastructure, is now shipping its A400 Series -- the high density version of the popular A200 series analog cards.

Identical in operation and configuration and using the same FXO and FXS modules, the A400 system supports twelve ports per main board and REMORA, as compared to four ports for the A200.

For more info and pricing please call 877-4e4-VoIP

Telappliant launches Asterisk dCAP Training and Certification Program for UK and European Markets

[UKPRwire, Mon Dec 04 2006] Telappliant, the leading UK-based Internet telephony solution provider, in an agreement with Digium® Inc., the Asterisk® company, are set to launch a suite of Asterisk training courses to address the needs of the enterprise market. This is the first European extension of the Digium Certified Asterisk Professional (dCAP) training programme, which originated in the United States. Courses will range from a one-day induction to a five-day “Boot Camp” and provide medium to large enterprises insight into Asterisk technology for those with basic to advanced skills.

“As the industry’s first open source telephony platform with implementations all over the globe, dCAP certification helps to identify Asterisk experts,” said Bill Miller, vice president of product management and marketing at Digium. He added, “The value in becoming a dCAP is not only the recognition of having deep Asterisk knowledge and the ability to configure a PBX, but also the ability to bring a new skill set to one’s career or company”.

This dCAP training programme, provided by Telappliant, will be the first-recognised Asterisk qualification awarded by Digium in Europe. Attendees who successfully complete the advanced courses will be seen within the Asterisk community as having expert knowledge of a specific released, stable version of Asterisk. In addition, they will have completed a hands-on practical lab in which a PBX was configured according to a given specification.

“Asterisk growth is rising, especially among medium and large enterprises,” said Muhammad Nasim, CTO of Telappliant Ltd. “With our certification programme, attendees can learn how to setup and install Asterisk and gain certification in a VoIP technology that is fast becoming the solution of choice for many organisations. Surpassing more than one thousand downloads per day we are now seeing very large organisations implementing Asterisk-based solutions. Many of our larger customers are now requesting formal training and qualification programmes. The dCAP qualification is the first of such certifications and will stand as a recognised and valuable qualification among organisations.”

The courses are scheduled to begin in January 2007 and those interested are encouraged to apply now. Information on training can be found by visiting

About Telappliant
Telappliant is a leading UK-based Internet telephony solution provider, specialising in end-to-end solution delivery for the enterprise market. Telappliant owns and operates the VoIPtalk™ Internet telephony network and offers a diverse range of Asterisk-based solutions ranging from VoIPOffice™ Enterprise IP PBX to White Label services for resellers and service providers. Further information can be found by visiting

Nortel Introduces Managed VoIP

Nortel has introduced its latest Network Managed Service that enables enterprises to speed the transition from traditional voice networks to secure, reliable, high-quality IP telephony while reducing both cost and risk.

The Nortel Managed VoIP Service with Proactive Voice Quality Management (PVQM) provides round-the-clock IP telephony network operation and management, along with real-time support for VoIP quality of service.

Thomson and SunRocket

Details were sparse but the companies said it would entail "promotional activities to expand the presence of SunRocket's VoIP services," alongside GE-branded hardware to "leverage various feature capabilities available through SunRocket Internet phone service."

SunRocket has no retail relationships in place but could leverage Thomson's distribution to place its models on store shelves, said Rob Chandock, chief product officer, SunRocket.

SunRocket currently sells a Uniden cordless phone enabled with its service alongside a terminal adapter directly through its Web site. The company was the first to offer an annual phone plan, where consumers pay $199 for a year's worth of unlimited local and long-distance calling.
To order the GE VoIP phone please visit:

Plantronics Wireless Headset System VoIP

Oracle has selected Platronic Inc's Voyager 510-USB Bluetooth headset system, to optimize VoIP communications and increase efficiency. This is an in-house application at Oracle.

Combining Voyager 510-USB with a VoIP-enabled laptop and mobile phone, its employees will have a single wireless headset to be used across multiple applications.

For more on Plantronics headsets for your VoIP environment please visit

Sangoma announces new partners

Open source PBX solutions provider Sangoma Technologies announced Monday the addition of three companies to their partner network

The three companies are:

  • Teldori Communications
  • Indosoft, Inc.
  • eCRM

Whaleback Updates PBX

Whaleback Systems announced the next release of its CrystalBlue Voice Service. this service will offer the SMB market new telephony calling features and hosted applications.

The Portsmouth, N.H. service provider calls the new service "Cuttyhunk" which features an improved KSU (key systems unit) and IP PBX (private branch exchange) calling functionality.

Ascalade Communications ships cordless VoIP phones

Ascalade said it collaborated with Skype, the Internet-telephony subsidiary of online auctioneer EBbay, to develop the product, which enables callers to use Skype's Internet calling software without a computer.