Problem 1:
Voice over IP (VoIP) has recently experienced exceptional growth. Being a real-time service, VoIP is more susceptible to attacks. Furthermore, VoIP uses multiple protocols for call control and data delivery, making it vulnerable to different attacks at different protocol layers. An attacker can easily disrupt VoIP services by flooding them with TCP SYN packets, UDP-based RTP packets, or SIP-based INVITE messages, which poses a critical threat to IP telephony.
Attacks on IP telephony networks are not a new concept. However, the manifestation of attacks, their targets, and how they are implemented have evolved over the past decade. To date, most Internet-originated attacks have targeted the transport and network layers of the TCP/IP protocol stack. Typically, the goal of these attacks is either to overwhelm a specific machine or to saturate the communication link. But as the Internet evolves and enterprises deploy multiple connections to the Internet, attacking the infrastructure has become less critical. Certain attacks are now targeted at particular services that consumers demand and rely upon, e.g., e-mail and web. This trend will continue as new complex services are deployed and gain widespread adoption. IP telephony is one such complex service that is gaining rapid momentum and has the potential to become a strategic new technology in the coming decades. In turn, it is a prime target for new forms of attack.
To support IP telephony in an enterprise network, new network elements must be deployed and existing network elements must be modified. To support calls between endpoints connected to the IP network, referred to as Net-to-Net calls, a SIP (Session Initiation Protocol) Proxy and a Registrar/Location Server (RLS) must be deployed. To support calls between endpoints in the Public Switched Telephone Network (PSTN) and endpoints connected to the IP network, referred to as Net-to-PSTN and PSTN-to-Net calls, it is necessary to deploy a Media or Signal Gateway (MSG) that can act as an application-level proxy between the IP network and the PSTN. Besides these new network elements, supporting IP telephony requires modifications to the enterprise firewall to allow dynamic protocol ports to be opened at the clients to send and receive audio and/or signalling and control messages.
Question 1. The case study says that different attacks are possible on an IP telephony network. Explain in detail the well-known attacks on an IP telephony network.
Question 2. From the case study we can deduce that a hacker needs vulnerabilities in order to break into the system. Hence, what are the different significant steps that need to be followed to mitigate the vulnerabilities associated with a VoIP network?
Question 3. When a hacker performs a DoS attack on an IP telephony network, the two major protocols that he may use are:
i. ICMP
ii. TCP/SYN
Explain how the hacker would use the above protocols to perform his attack.
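The SIP INVITE flooding named in the case study, seen from the detection side. This is an added example and not part of the original problem set: it applies a per-source sliding-window rate check to SIP request lines. The event tuples, IP addresses, window and threshold are constructed assumptions, and the request-line pattern only covers sip:/sips: URIs.

```python
import re
from collections import defaultdict, deque

# First line of a SIP request: METHOD <request-URI> SIP/2.0
# Responses ("SIP/2.0 180 Ringing") do not match and are ignored.
REQUEST_LINE = re.compile(r"^([A-Z]+)\s+sips?:\S+\s+SIP/2\.0$")

def sip_method(first_line):
    """Return the SIP method of a request line, or None for anything else."""
    m = REQUEST_LINE.match(first_line.strip())
    return m.group(1) if m else None

def detect_invite_flood(events, window_ms=1000, threshold=5):
    """Return {source: timestamp} for the first moment a source has sent
    more than `threshold` INVITEs within `window_ms` milliseconds."""
    recent = defaultdict(deque)   # source -> timestamps of recent INVITEs
    alerts = {}
    for ts, src, line in sorted(events):
        if sip_method(line) != "INVITE":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window_ms:   # drop INVITEs older than the window
            q.popleft()
        if len(q) > threshold and src not in alerts:
            alerts[src] = ts
    return alerts

# Constructed sample: (timestamp in ms, source IP, first line of SIP message)
SAMPLE = [
    (1000, "192.0.2.10", "REGISTER sip:pbx.example.com SIP/2.0"),
    (2000, "192.0.2.10", "INVITE sip:bob@example.com SIP/2.0"),
    (2100, "192.0.2.20", "SIP/2.0 180 Ringing"),
    (2300, "192.0.2.10", "ACK sip:bob@example.com SIP/2.0"),
    (9000, "192.0.2.10", "BYE sip:bob@example.com SIP/2.0"),
    (12000, "192.0.2.10", "INVITE sip:carol@example.com SIP/2.0"),
]
# One source sending 20 INVITEs at 50 ms intervals (constructed flood pattern)
SAMPLE += [(10000 + 50 * i, "198.51.100.7",
            "INVITE sip:bob@example.com SIP/2.0") for i in range(20)]

if __name__ == "__main__":
    for src, ts in detect_invite_flood(SAMPLE).items():
        print(f"INVITE flood suspected from {src} at t={ts} ms")
```

The normal caller sends two INVITEs ten seconds apart and stays under the threshold, while the flooding source is flagged on its sixth INVITE inside one second.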