Traditional Network HIjacking (Man-in-the-Middle)

A traditional man-in-the-middle (MITM) attack is one in which an attacker is able to insert herself between two communicating parties to eavesdrop and/or alter the data traveling between them without their knowledge. In a VoIP threat scenario, a hacker launching an MITM attack could consequently perform a variety of other attacks (by, for example, spoofing a SIP proxy or inserting herself between the user and SIP proxy) including

• Eavesdropping on the conversation

• Causing a denial of service by black-holing the conversation

• Altering the conversation by omitting media

• Altering the conversation by replaying media

• Altering the conversation by inserting media

• Redirecting the sending party to another receiving party

In an expanded VoIPsupport infrastructure threat scenario, there are many other things an attacker can do through MITM attacks. If the attacker can insert himself between the VoIP user and a critical support server (TFTP, DNS, and so on), then some of the following attacks, most of which would result in a denial of service, are also possible:

• DNS spoofing

• DHCP spoofing

• ICMP redirection

• TFTP spoofing

• Route mangling

To be clear, MITM attacks are most likely to be performed by an attacker who already has access to the internal network.