| ||
A traditional man-in-the-middle (MITM) attack is one in which an attacker is able to insert herself between two communicating parties to eavesdrop and/or alter the data traveling between them without their knowledge. In a VoIP threat scenario, a hacker launching an MITM attack could consequently perform a variety of other attacks (by, for example, spoofing a SIP proxy or inserting herself between the user and SIP proxy) including
Eavesdropping on the conversation
Causing a denial of service by black-holing the conversation
Altering the conversation by omitting media
Altering the conversation by replaying media
Altering the conversation by inserting media
Redirecting the sending party to another receiving party
In an expanded VoIPsupport infrastructure threat scenario, there are many other things an attacker can do through MITM attacks. If the attacker can insert himself between the VoIP user and a critical support server (TFTP, DNS, and so on), then some of the following attacks, most of which would result in a denial of service, are also possible:
DNS spoofing
DHCP spoofing
ICMP redirection
TFTP spoofing
Route mangling
To be clear, MITM attacks are most likely to be performed by an attacker who already has access to the internal network.