Sonicwall Signatures
All Categories
Category: VoIP-ATTACKSVoIP Category Description
This SonicWALL IPS signature category consists of a group of signatures that can detect and prevent traffic related to attacks on VoIP systems. VoIP or Voice over IP systems allow users to make phone calls over the internet or a local area network. VoIP systems consist of phones running a "skinny" client and routers running software that allows them to act as servers that route packets between two phones. Certain VoIP models use the end points as both servers and clients, allowing users to speak through their computers, while allowing other users' calls to be routed through their computers while they are connected. The vulnerabilities discussed in this category deal specifically with Cisco clients and routing software that are popularly used to implement VoIP networks in many offices.
Attackers can use two main methods to attempt to disrupt VoIP networks. The first invovle attacking the web server that handles VoIP traffic on a particular network. By sending a malformed packet to the web server, for example requestion information on a port that does not exist, attackers can gain sensitive memory information that can be used to intercept calls, or cause the server to crash.
The second type of attacks involve sending malformed packets straight to the phone clients themselves. The telephones use SIP or Session Initiation Protocol, a set of standard requests that are used to open and close calls. Attackers can send malformed packets to the ports on these telephones listening for SIP reuquests, and cause them to reset. A flood of these packets could make the targeted phones impossible to use, shutting down that telephone network.
SonicWALL VoIP signatures are classified from low to medium priority. When enabled for protection, they can keep malicious requests to IP phones from reaching the network at all. Administrators should note, however, that Cisco has released patches for the clients running on IP phones that close these vulnerabilities. Good patching practices should be used in conjunction with SonicWALL signatures to ensure maximum security for VoIP networks.
|
