Summary

SIP is emerging as a major signaling protocol in VoIP infrastructures, especially on PC-based soft phones. Because SIP is largely based on HTTP, it is probably the most seamless protocol to be used with IP networks. By the same token, it inherits quite a few of HTTP's security exposures. As we have seen, SIP's authentication methods are vulnerable to several attacks, including passive dictionary attacks. SIP's authentication model also allows attackers to retrieve the User Agent's password quite easily. Furthermore, the identity of any SIP User Agent cannot be trusted because attackers can hijack registration attempts of legitimate SIP devices.

The reliability of the SIP network leaves much to be desired. We have discussed only a few of ...

Get Hacking VoIP now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.