As you can see, there are a
Cisco Systems. "Quality of Service for Voice over IP." http://www.cisco.com/en/US/tech/tk652/tk698/technologies_white_paper09186a00800d6b73.shtml
SYN floods. http://www.cert.org/advisories/CA-1996-21.html
UDP flooding. http://www.cert.org/advisories/CA-1996-01.html
Yee-Ting Li. http://www.hep.ucl.ac.uk/~ytl/qos/index.html
Get a good night's sleep and don't bug anybody without asking me.
Richard M. Nixon
Throughout history, people have sought to safeguard the privacy of their communications. One of the better known examples comes from Julius Caesar, who invented a rudimentary shifting cipher (known as the Caesar Cipher ) to encode military communications sent to his army via messenger. Since Julius Caesar's age, the field of cryptography has advanced substantially to support almost any form of communication, including VoIP.
As VoIP is simply just another data application, there are a variety of ways to safeguard one's privacy along the various OSI layers. Unfortunately, there are also a variety of ways that an attacker can compromise the privacy of your VoIP conversations by targeting each of those
The four major network eavesdropping attacks that we will cover in this chapter include
TFTP configuration file sniffing, number
We have largely left physical layer attacks out of this chapter. Not to be dismissive, but if any of the
Let's first define the four attacks we just outlined before describing the different ways they can be performed.
As you learned in Chapters 2 and 3, most IP phones rely on a TFTP server to download their configuration file after powering on. The configuration file often contains passwords that can be used to connect back directly to the phone (in other words, telnet, the web interface, and so on) and administer it. An attacker who is sniffing the wire when the phone downloads this file can glean these passwords and
Number harvesting describes an attacker
Call pattern tracking goes one step further than number harvesting to determine who someone is talking to, even when their actual conversation is encrypted. This has obvious benefits to law enforcement if they can determine any potential accomplices or fellow criminal conspirators. There are also corporate espionage implications as well if an evil corporation is able to see which customers their
The most hyped and the threat of most concern to many VoIP users is conversation eavesdropping. Quite simply, this attack describes an attacker recording one or both sides of a phone conversation. Beyond learning the actual content of the conversation, an attacker can also use tools to translate any touch tones pressed during the call. Touch tones, also known as
dual-tone multifrequency (DTMF) tones,
are often used when