Now that we know the basics of SIP authentication and encryption, let's discuss some of the security attacks. It is no secret that SIP has several security vulnerabilities; some are documented in the RFC itself, and a simple web search for VoIP security issue will return several hits that involve SIP security weaknesses.
While an entire book could be devoted to SIP security attacks, we'll focus on VoIP attacks on devices using SIP for the session setup. We'll cover a few of the more popular attacks in the most critical attack classes, namely:
SIP password cracking (dictionary attack)
Spoofing Registrars and Proxy servers
Denial of Service, including