
Security Best Practice: Protect Yourself from VoIP Denial of Service Vulnerabilities

Check Point Reference: SBP-2008-20
Date Published:
Severity:
Last Updated:
Source: IPS Research Center
Protection Provided by:
  • Security Gateway R70
  • VPN-1 NGX R65
  • VSX NGX R65
Who is Vulnerable?
VoIP Systems
Vulnerability Description
VoIP opens voice communications to the same kinds of security threats that imperil data communications. Attacks on data communications can come through the IP voice infrastructure and vice versa. Denial of service attacks targeting weak VoIP elements could flood the network with voice traffic, degrading network performance or shutting down both voice and data communications. Compromised gateways might be used to make unauthorized free telephone calls. Unprotected voice communications might be intercepted and stolen or corrupted. Voice packets can be sniffed and listened to in real time. PC-based soft phones are vulnerable to eavesdropping if the PC is infected with a Trojan horse that snoops on LAN traffic. Voicemail can be redirected to "ghost" mailboxes.
Vulnerability Details
Voice and video traffic, like any other information on the corporate IP network, has to be protected as it enters and leaves the organization. Possible threats to this traffic are:
  • Stealing calls, where the caller pretends to be someone else (by registering the calls in the name of another user).
  • Call hijacking, where calls intended for the receiver are redirected to the hijacker.
  • Systems hacking using ports opened for VoIP connections.
  • Denial of Service attacks, where a rogue phone floods the network with calls, thereby interfering with proper use of the phone network.

VoIP calls involve a whole series of complex protocols, each of which can carry potentially threatening information through many ports.

Protection Overview
IPS/SmartDefense protects against Denial of Service attacks directed against VoIP networks by limiting the number of call attempts per minute that the gateway allows from an individual IP address.
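
The per-source limit described above can be sketched as a sliding one-minute window. This is an added example, not Check Point's implementation: the class and function names, the limit of 5 and the sample SIP traffic are assumptions made for illustration, and only SIP INVITE requests are counted as call attempts (MGCP is not covered).

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60  # the page's limit is expressed per minute

class CallAttemptLimiter:
    """Sliding one-minute window of call attempts, tracked per source IP."""

    def __init__(self, max_calls_per_minute):
        self.max_calls = max_calls_per_minute
        self.accepted = defaultdict(deque)  # source IP -> times of accepted attempts

    def allow(self, src_ip, now):
        window = self.accepted[src_ip]
        # Forget attempts that are a full minute old or older.
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) >= self.max_calls:
            return False  # over the limit: only accepted attempts fill the window
        window.append(now)
        return True

def is_call_attempt(sip_message):
    """True for a SIP request whose method is INVITE (responses start with SIP/2.0)."""
    request_line = sip_message.split("\r\n", 1)[0]
    return request_line.split(" ", 1)[0] == "INVITE"

def dropped_attempts(events, max_calls_per_minute):
    """events: (time_seconds, src_ip, sip_message) tuples in time order."""
    limiter = CallAttemptLimiter(max_calls_per_minute)
    return [(ts, ip) for ts, ip, msg in events
            if is_call_attempt(msg) and not limiter.allow(ip, ts)]

# Constructed sample traffic (documentation addresses, not real hosts).
INVITE = "INVITE sip:bob@example.com SIP/2.0\r\nCSeq: 1 INVITE\r\n\r\n"
REGISTER = "REGISTER sip:example.com SIP/2.0\r\nCSeq: 1 REGISTER\r\n\r\n"
SAMPLE = [(t, "192.0.2.10", INVITE) for t in range(0, 40, 2)]  # 20 attempts in 40 s
SAMPLE += [(5, "198.51.100.7", INVITE), (6, "198.51.100.7", REGISTER),
           (30, "198.51.100.7", INVITE)]
SAMPLE.sort(key=lambda e: e[0])

if __name__ == "__main__":
    for ts, ip in dropped_attempts(SAMPLE, max_calls_per_minute=5):
        print(f"t={ts:>3}s {ip}: Host exceeded call limit (possible spam or DoS attack)")
```

Because rejected attempts are not recorded, a flooding host is held to the configured number of calls in any rolling minute while a host calling at a normal rate is unaffected.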

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R70

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > Application Intelligence > VoIP.
2. In the right pane, double-click the VoIP Denial of Service protection.
3. In the Protection Details window, click Edit. Select Enable VoIP DoS Protection.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SIP Content Security Violation
Attack Information: Host exceeded call limit (possible spam or DoS attack)

Attack Name: MGCP Content Security Violation
Attack Information: Host exceeded call limit (possible spam or DoS attack)

VPN-1 NGX R65 & VPN-1 VSX NGX R65

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > VoIP.
2. In the configuration pane, select Enable VoIP DoS Protection.
3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SIP Content Security Violation
Attack Information: Host exceeded call limit (possible spam or DoS attack)

Attack Name: MGCP Content Security Violation
Attack Information: Host exceeded call limit (possible spam or DoS attack)