We had no idea that this would turn into a global and public infrastructure.
Vint Cerf, one of the founding fathers of the Internet
The average number of denial of service (DoS) attacks detected per day was 1,402, an increase of 51% from the first half of 2005.
Symantec Internet Security Threat Report, March 2006
VoIP applications are much more sensitive to network bandwidth issues than most other applications in your environment. Why? Because to sound clear, all VoIP conversations have fairly strict bandwidth and latency requirements as compared to traditional data applications that are a little more forgiving (web, email, and so on). As you will see in this chapter, just adding a little bit of latency or jitter to your VoIP network can degrade phone calls to the point where they are unintelligible.
Adding VoIP technology to your traditional data network introduces a new security requirement called quality of service (QoS) . In a nutshell , QoS describes your network's ability to prioritize traffic so that regardless of bandwidth utilization by other applications, VoIP calls sound clear and are nearly indistinguishable from traditional PSTN calls. For instance, most home users have at one time or another noticed that while downloading a large file from the Internet, any ongoing VoIP conversation sometimes sounds jittery or scratchy until the download finishes.
Network availability is a preexisting security requirement in your data network that also affects your VoIP applications. It is fairly obvious that if your data network experiences downtime because of a DoS attack or a faulty router, your VoIP infrastructure is dead in the water as well.
On their own, QoS and network availability are often hard enough for an IT staff to ensure across an entire enterprise, without also having to worry about unintentional internal threats such as bandwidth oversubscription, resource exhaustion, network device crashes, or device misconfigurations.
In this chapter, we will cover some traditional network denial of service attacks that can originate from inside or outside your perimeter, depending on the level of access an attacker might have obtained. We will also cover other types of malicious VoIP DoS attacks that target your supporting infrastructure, such as DNS poisoning , DHCP exhaustion, and ARP table manipulation to name a few.