[VOIPSEC] Actual Attacks

David Chitolie david at chitolie.com
Fri Feb 18 07:02:17 CST 2005 

Hi All,

Although I have been involved in IP systems for many years I am fairly 
new to VoIP and have a new project to deploy many VoIP systems around 
the world.

 From what I have found on the web it seems like Vomit (Voice over 
Misconfigured Internet Telephony) SPIT (SPAM over internet technology) 
and DOS (Denial of Service) are the most common form of expected 
attacks to VoIP systems.

VOMIT allows users to save telephone conversations to a .wav file from 
a tcpdump file. I am guessing that the risk here is with LAN users 
running tcpdump to capture traffic and in a switched environment this 
will not be very easily achieved unless ARP redirect or switch port 
monitoring is used by an employee.

SPIT - (unwanted messages clogging up your voice mail box) This is not 
a problem now but there are lots of warnings to be aware it may happen 
soon.

DOS - This sounds like a real threat as IP DOS attacks are already here 
in standard IP networks and from the reply by Christopher Martin it 
looks to be a problem already.

Has anyone found a database of help or known security concerns?

I have found a useful sites for SIP security and SIP firewalls: 
http://www.sipcenter.com/sip.nsf/html/Firewalls+Security

David Chitolie
Freelance Project Manager


On 17 Feb 2005, at 12:30, Robert Rolen wrote:

> Has a catalog or database been established to report and track actual 
> attacks against VOIP systems.  I realize there are typical internet 
> attacks (spoofing, Trojans, sniffers, denial of service), but are the 
> attacks being documented to track the increase in attacks.
>
>  There are a lot of telecommunications managers that are not talking 
> with the IT departments and some of the IT departments see the 
> telephone system as just another responsibility added to their staff.
>
> The trend of convergence for all security systems (Access Control, 
> CCTV, Alarms) into IP networks is rapidly becoming a reality.
>
> Is there a trend to continue the isolation of the telephone system 
> from the office LAN?
>
> A storybook of problems, incidents and trends would go a long way to 
> enhance the VOIP protection budget.
>
> Any Thoughts?
> Bob Rolen
> Birmingham, Al
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
Regards

David

More information about the Voipsec mailing list