SIP Security Attacks
Now that we know the basics of SIP authentication and encryption, let's discuss some of the security attacks. It is no secret that SIP has several security vulnerabilities; some are documented in the RFC itself, and a simple web search for VoIP security issue will return several hits that involve SIP security weaknesses.
While an entire book could be devoted to SIP security attacks, we'll focus on VoIP attacks on devices using SIP for the session setup. We'll cover a few of the more popular attacks in the most critical attack classes, namely:
Username enumeration
SIP password cracking (dictionary attack)
Man-in-the-middle attack
Registration hijacking
Spoofing Registrars and Proxy servers
Denial of Service, including
BYE
REGISTER
Get Hacking VoIP now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.