Hacking Exposed VoIP and over one million other books are available for Amazon Kindle. Learn more

Sorry, this item is not available in
Image not available for
Image not available

To view this video download Flash Player


Sign in to turn on 1-Click ordering
Sell Us Your Item
For a $3.75 Gift Card
Trade in
More Buying Choices
Have one to sell? Sell yours here
Start reading Hacking Exposed VoIP on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions [Paperback]

by David Endler, Mark Collier
4.5 out of 5 stars  See all reviews (6 customer reviews)

List Price: $55.00
Price: $52.25 & FREE Shipping. Details
You Save: $2.75 (5%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Only 1 left in stock.
Ships from and sold by Amazon.com. Gift-wrap available.
Want it Monday, April 28? Choose One-Day Shipping at checkout. Details
Free Two-Day Shipping for College Students with Amazon Student


Amazon Price New from Used from
Kindle Edition $39.99  
Paperback $52.25  
Shop the New Digital Design Bookstore
Check out the Digital Design Bookstore, a new hub for photographers, art directors, illustrators, web developers, and other creative individuals to find highly rated and highly relevant career resources. Shop books on web development and graphic design, or check out blog posts by authors and thought-leaders in the design industry. Shop now

Book Description

November 28, 2006 0072263644 978-0072263640 1

Sidestep VoIP Catastrophe the Foolproof Hacking Exposed Way

"This book illuminates how remote users can probe, sniff, and modify your phones, phone switches, and networks that offer VoIP services. Most importantly, the authors offer solutions to mitigate the risk of deploying VoIP technologies." --Ron Gula, CTO of Tenable Network Security

Block debilitating VoIP attacks by learning how to look at your network and devices through the eyes of the malicious intruder. Hacking Exposed VoIP shows you, step-by-step, how online criminals perform reconnaissance, gain access, steal data, and penetrate vulnerable systems. All hardware-specific and network-centered security issues are covered alongside detailed countermeasures, in-depth examples, and hands-on implementation techniques. Inside, you'll learn how to defend against the latest DoS, man-in-the-middle, call flooding, eavesdropping, VoIP fuzzing, signaling and audio manipulation, Voice SPAM/SPIT, and voice phishing attacks.

  • Find out how hackers footprint, scan, enumerate, and pilfer VoIP networks and hardware
  • Fortify Cisco, Avaya, and Asterisk systems
  • Prevent DNS poisoning, DHCP exhaustion, and ARP table manipulation
  • Thwart number harvesting, call pattern tracking, and conversation eavesdropping
  • Measure and maintain VoIP network quality of service and VoIP conversation quality
  • Stop DoS and packet flood-based attacks from disrupting SIP proxies and phones
  • Counter REGISTER hijacking, INVITE flooding, and BYE call teardown attacks
  • Avoid insertion/mixing of malicious audio
  • Learn about voice SPAM/SPIT and how to prevent it
  • Defend against voice phishing and identity theft scams

Frequently Bought Together

Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions + Hacking VoIP: Protocols, Attacks, and Countermeasures + Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
Price for all three: $133.20

Buy the selected items together

Editorial Reviews

About the Author

David Endler is the Director of Security Research for TippingPoint, a division of 3Com. Previously, he performed security research for Xerox Corporation, the NSA, and MIT.  Endler is also the chairman and founder of the Voice over IP Security Alliance.

Mark Collier is CTO for SecureLogix Corporation.  He is an expert author and frequent presenter on the topic of VoIP security. Collier is also a founding member of the Voice over IP Security Alliance.

Product Details

  • Series: Hacking Exposed
  • Paperback: 539 pages
  • Publisher: McGraw-Hill Osborne Media; 1 edition (November 28, 2006)
  • Language: English
  • ISBN-10: 0072263644
  • ISBN-13: 978-0072263640
  • Product Dimensions: 9.1 x 7.4 x 1.2 inches
  • Shipping Weight: 2.1 pounds (View shipping rates and policies)
  • Average Customer Review: 4.5 out of 5 stars  See all reviews (6 customer reviews)
  • Amazon Best Sellers Rank: #560,088 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

4.5 out of 5 stars
4.5 out of 5 stars
Share your thoughts with other customers
Most Helpful Customer Reviews
11 of 11 people found the following review helpful
5.0 out of 5 stars A great Hacking Exposed and VoIP security book May 6, 2007
Hacking Exposed: VoIP (HE:V) is the sort of HE book I like. It's fashionable to think HE books are only suitable for script kiddies who run tools they don't understand against vulnerable services they don't recognize. I like HE books because the good ones explain a technology from a security standpoint, how to exploit it, and how to defend it. I thought HE:V did well in all three areas, even featuring original research and experiments to document and validate the authors' claims.

HE:V is a real eye-opener for those of us who don't perform VoIP pen testing or assessments. It's important to remember that the original HE books were written by Foundstone consultants who put their work experience in book form. HE books that continue this tradition tend to be successful, and HE:V is no exception. Good HE books also introduce a wide variety of tools and techniques to exploit weaknesses in targets, and HE:V also delivers in this respect. HE:V also extends attacks beyond what most people recognize. For example, everyone probably knows about low-level exploitation of VoIP traffic for call interception and manipulation. However, chapter 6 discusses application-level interception.

HE:V goes the extra mile by introducing tools written by the authors specifically to implement attacks. In at least one case the authors also provide a packet capture (for the Skinny protocol) which I particularly appreciate. HE:V also looks ahead to attacks that are appearing but not yet prevalent, like telephony spam and voice phishing. Taken together, all of these features result in a great book. You should already be familiar with the common enumeration and exploitation methods found in HE 5th Ed, because the HE:V authors wisely avoid repeating material in other books (thank you).

If you want to understand VoIP, how to attack it, and how to defend it, I highly recommend reading HE:V. The book is clear, thorough, and written by experts.
Comment | 
Was this review helpful to you?
5 of 5 people found the following review helpful
5.0 out of 5 stars Invaluable VoIP Security Handbook August 10, 2007
In this book David Endler and Mark Collier have pulled together a vast wealth of material about hacking VoIP networks at every possible level. More than this, they have also created new value in the form of software test tools, which they have published on an accompanying website. It really is a must-have reference book for anyone working in VoIP.

Chapter 1 talks about Google hacking, or in other words, using the Internet to find out things about a target network. They show that Google can be a crucial tool in finding out what type of hardware and software you use in your VoIP networks, and in some cases will give vital clues even about how to login to the management systems of your network from the Internet. If this doesn't scare the bejesus out of you, then proceed on to further chapters about more VoIP-specific issues.

Chapters 2 and 3 detail the kind of tools a hacker might use to scan your network and enumerate all the devices, i.e. build their own map of how your network is laid out, right down to the telephone numbers and MAC addresses of desktop phones. Chapter 4 talks about Denial-of-Service, and the kind of attack resources that hackers might use to cripple a telephony network.

Chapter 5 is on VoIP eavesdropping, talking about some existing tools that can be used for this (Oreka, Wireshark and the unpleasantly named vomit), and as in the earlier chapters, some suggestions on how to defend against such a type of threat. Chapter 6 goes further to explain how a VoIP man-in-the-middle attack might be mounted, giving the possibility not just to listen, but to modify, replace or remix the audio stream.

Chapters 7, 8, 9 talk about specific platform threats, namely to Cisco Unified CallManager, Avaya Communication Manager and the Asterisk PBX.
Read more ›
Comment | 
Was this review helpful to you?
3 of 3 people found the following review helpful
Format:Paperback|Verified Purchase
This book has a lot of good background info on VoIP systems. It covers Cisco Call Manager, Avaya, and Asterisk VoIP systems in depth.

It's definitely focused on SIP and RTP, and focused on Enterprise VoIP deployments. The authors appear to be unaware of hosted / carrier VoIP, such as used by Verizon. The authors don't mention anything about BroadSoft BroadWorks, MetaSwitch, Acme Packet, Sylantro, or others, though their general technology coverage certainly relates to these systems. I also wish they had considered some of the very popular SIP phones -- e.g., Linksys and Polycom.

They give examples of using numerous VoIP security-scanning / exploit tools. The theoretical attacker in the book likely has physical access to the target network, or at least layer-2 (Ethernet) access. Many of the attacks are much more difficult or impossible if you're attacking across the Internet.

Still, coverage of the tools is very useful to a Carrier VoIP researcher.
Comment | 
Was this review helpful to you?


There are no discussions about this product yet.
Be the first to discuss this product with the community.
Start a new discussion
First post:
Prompts for sign-in

Look for Similar Items by Category