O'Reilly logo

Hacking VoIP by Himanshu Dwivedi

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

SIP Security Attacks

Now that we know the basics of SIP authentication and encryption, let's discuss some of the security attacks. It is no secret that SIP has several security vulnerabilities; some are documented in the RFC itself, and a simple web search for VoIP security issue will return several hits that involve SIP security weaknesses.

While an entire book could be devoted to SIP security attacks, we'll focus on VoIP attacks on devices using SIP for the session setup. We'll cover a few of the more popular attacks in the most critical attack classes, namely:

  • Username enumeration

  • SIP password cracking (dictionary attack)

  • Man-in-the-middle attack

  • Registration hijacking

  • Spoofing Registrars and Proxy servers

  • Denial of Service, including

    • BYE

    • REGISTER

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required