Until and unless your e-mail account is guarded well with the help of a “spam filter”, you most likely and infrequently receive unwanted e-mails. Spam is annoying and irritating for the person using e-mails. VoIP supervisors and administrators should be well aware and familiar with VoIP spam, which is generally known as (SPIT) “spam over IP telephony”. When a SPIT attacks your Cisco IP Phone it can make un-welcomed messages appear from time to time on the LCD screen of your phone or it can result in frequent ringing of your phone, the outcome is obvious “lost employee efficiency and productivity”. SPIT is also used for different frauds e.g., A SPIT attack can make wrong caller ID’s appear on your phone’s screen.
The use of these common methods to mitigate e-mail spam is not so effective to deal with SPIT. Right after the SPIT is launched on your phone you can expect your phone to ring after every ten minutes. Though this act is quite irritating and can affect your efficiency, malicious traffic cannot detect the frequency of calls as it is too low an example can be by an “Intrusion Prevention System” [also known as IPS] sensor.
In order to configure authentication of Cisco IP phones modern by making use of (TLS) Transport Layer Security. The use of this strategy permits a Cisco IP Phone to approve any device trying to communicate or interact directly with the other phone. As an outcome, the un-authorized devices that are the main source of the SPIT will not be able to communicate or interact with the Cisco IP Phone.
There are different types of attacks that can be directed to voice networks. In this series of articles we will discuss all four types of VoIP vulnerabilities and attacks. This will certainly be enough to explain how VoIP telephony communication can be disabled or reduced in quality. The main four VoIP Vulnerabilities are:
- SPIT – spam over IP telephone (SPIT) includes, for example, sending unwanted messages to an IP phone’s display or making the IP phone to ring time to time.
- Vishing – is just like phishing, the difference is that the victim provides her/his personal information over the telephone rather than on website.
- Toll fraud – it happens when users incorrectly use a telephone system to make toll calls (for example international and or long distance calls) that they do not have approval to make.
- SIP attacks – they try to develop SIP’s use of famous protocols to intercept or manipulate SIP messages. Also, an attacker may trigger a DoS attack against a SIP server.