VoIP Security Threat - “Call Hijacking”
- 0
- Add a Comment
The animated TECHTip is available here.
Here are some of the kinds of attacks that your VoIP system should be designed and tested to protect against.
Toll Fraud: The IP version of the classic attack by a person impersonating an employee or Console Cracking (asking the operator for an outside trunk) to make long distance calls. However, the attacker impersonates a valid user and IP address by plugging in their phone or spoofing the MAC ethernet address.
Eavesdropping: The attacker sniffs (taps into the LAN wireline or Wi-Fi connection) to intercept voice messages. Easily available programs such as VOMIT-Voice Over Misconfigured Internet Telephony perform this function.
Call Hijacking: Attacker spoofs a SIP Response redirecting the caller to a rogue SIP address and intercept the call.
Resource Exhaustion: Also Known As DOS [Denial Of Service] attack. This attack reduces the number of available IP addresses, bandwidth, processor memory, and other router/server functions.
Message Integrity: MIM [Man-In-the-Middle] attack to intercept, alter, or redirect call.
Message Type Attacks: Attacker bombards (repetitive) SIP server with BYE or CANCEL messages or ICMP [Internet Message Control Protocol] “port unreachable” messages.
TECHtionary is the world’s first and largest animated (rich media) library/magazine on technology, and is Web Hosting Magazine’s Editor’s Choice for Technical Help. TECHtionary has more than 2,680+ free tutorials on data, Internet, wireless, VoIP, PBX systems, central office switching, protocols, telephony, telecommunications, networking, routing, IPTV, WiMax, power systems, broadband, Wi-Fi, and other technologies. TECHtionary.com provides “just enough - just-in-time” critical success information. TECHtionary produces animated sales brochures, virtual installation manuals, and animated Web infomercials proven to “increase revenues, decrease customer support costs, and increase customer satisfaction.” Tom Cross, CEO of TECHtionary, is the Security and Emerging Technology Columnist for TMCnet, Technology Columnist for Telecommunications Magazine, and member of the Technical Board of Advisors for the VoIP-Security Alliance. TECHtionary also publishes animated medical tutorials. Job opportunities and postings can be found at Ciscopedia.
