Now that we know the basics of the IAX protocol and its use in authentication, let's discuss some of the many security attacks. In this section, we will discuss the following VoIP attacks on devices using IAX for session setup and media communication:
Offline dictionary attack (IAX.Brute)
Active dictionary attack
MD5-to-plaintext downgrade attack (IAXAuthJack)
Denial of Service attacks
IAX usernames can be enumerated, in a manner similar to the process described in Chapter 3 for the H.323 protocol. Username enumeration of valid IAX users can be completed using the enumIAX tool written by Dustin D. Trammel. ...