Attacks on IP telephony systems may well exploit weaknesses in softphones and other equipment and software in a similar way.
How to stop it: Where calls flow through the public internet, there is little than can be done to prevent overloading of the network – whether for legitimate or illegitimate purposes.
In private networks, however, it is possible to divide the available capacity to create two or more logical networks, each with its own capacity limits. This allows phone calls to be kept separate from data transfers, substantially reducing the possibility of interference.
Similarly, quality of service controls can be used to differentiate voice from other traffic, ensuring that phone calls are given higher priority as they call on network resources. Quality can be further assured by operating call acceptance controls. These ensure that calls are accepted only while capacity is available. After that, callers hear busy tone.
Large-scale concerted attacks on call managers and other VoIP infrastructure have yet to occur, but the experience with data networks is that a combination of effective defences and prompt and effective action is required to either prevent attacks or mitigate their effects until the attacks subside or can be brought under control.
Like those managing data networks and computer installations, staff responsible for IP telephony systems will need to be able to detect attacks quickly as they develop, identify their sources and reconfigure network resources to minimise the effects as far as possible. New tools and techniques are being developed to assist in these tasks and will undoubtedly have a significant role to play in the future.
Theft of service
The goal: To make phone calls at someone else’s expense without their permission.
How it works: This requires the ability to access or connect to an organisation’s IP phone network or the theft of log on details for public services.
As is the case with conventional phone systems, anyone who is given access to an organisation’s premises can use any phone that’s working and enabled at the time. In addition, if an attacker can gain access, call routing software can be modified to grant callers to selected numbers access back into the public phone network – so called dial-through fraud.