Check Point Advisories

Security Best Practice: Protect Yourself from VoIP Denial of Service Vulnerabilities

Check Point Reference: SBP-2008-20
Date Published: 15 Aug 2008
Severity: Medium
Last Updated: Sunday 14 March, 2010
Source: IPS Research Center
Protection Provided by:
Who is Vulnerable? VoIP Systems
Vulnerability Description: VoIP opens voice communications to the same kinds of security threats that imperil data communications. Attacks on data communications can come through the IP voice infrastructure and vice versa. Denial of service attacks targeting weak VoIP elements could flood the network with voice traffic, degrading network performance or shutting down both voice and data communications. Hacked-into gateways might be used to make unauthorized free telephone calls. Unprotected voice communications might be intercepted and stolen or corrupted. Voice packets can be sniffed out and listened to in real time. PC-based soft phones are vulnerable to eavesdropping if the PC is infected with a Trojan horse that snoops into LAN traffic. Voicemail can be redirected to "ghost" mailboxes.
Vulnerability Details: Voice and video traffic, like any other information on the corporate IP network, has to be protected as it enters and leaves the organization. Possible threats to this traffic are:
  • Stealing calls, where the caller pretends to be someone else (by registering the calls in the name of another user).
  • Call hijacking, where calls intended for the receiver are redirected to the hijacker.
  • Systems hacking using ports opened for VoIP connections.
  • Denial of Service attacks, where a rogue phone floods the network with calls, thereby interfering with proper use of the phone network.

VoIP calls involve a whole series of complex protocols, each of which can carry potentially threatening information through many ports.
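
As an added illustration (not part of the Check Point advisory or any Check Point product), the sketch below shows how a monitoring script could flag two of the threats listed above: a phone flooding the network with calls, and calls registered in another user's name. It assumes SIP-style signalling (INVITE and REGISTER); the event tuples, addresses, thresholds and the detect function are hypothetical and constructed for the example.

```python
from collections import defaultdict, deque

# Constructed signalling events: (time_s, source_ip, method, user). Not real traffic.
EVENTS = sorted(
    [(0.0, "192.0.2.5", "REGISTER", "alice"),
     (1.0, "192.0.2.7", "REGISTER", "bob"),
     (2.0, "192.0.2.5", "INVITE", "alice"),
     (30.0, "198.51.100.66", "REGISTER", "alice")]  # second source claims "alice"
    # Burst: 8 call attempts in 3.5 seconds from one source.
    + [(40.0 + 0.5 * i, "198.51.100.66", "INVITE", "alice") for i in range(8)]
    # Slow caller: 6 calls spread over a minute, should not be flagged.
    + [(12.0 * i, "192.0.2.7", "INVITE", "bob") for i in range(6)]
)

def detect(events, max_invites=5, window_s=10.0):
    """Scan time-ordered events; return (flooding sources, users seen from >1 source).

    max_invites and window_s are assumed thresholds; tune them to the site's
    normal call rate.
    """
    recent = defaultdict(deque)     # source -> timestamps of INVITEs inside the window
    reg_sources = defaultdict(set)  # user -> sources that registered that user
    flooders = set()
    for ts, src, method, user in events:
        if method == "INVITE":
            q = recent[src]
            q.append(ts)
            # Drop call attempts that have aged out of the sliding window.
            while q and ts - q[0] > window_s:
                q.popleft()
            if len(q) > max_invites:
                flooders.add(src)
        elif method == "REGISTER":
            reg_sources[user].add(src)
    # A user registered from several sources may be legitimate (multiple
    # devices); it is reported for review, not treated as proof of call theft.
    shared = {u: sorted(s) for u, s in reg_sources.items() if len(s) > 1}
    return sorted(flooders), shared

if __name__ == "__main__":
    flooders, shared = detect(EVENTS)
    print("sources exceeding call rate:", flooders)
    print("users registered from multiple sources:", shared)
```
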

Protection Overview
