Cancel Attack
The SIP CANCEL attack in the figure below is one of the possible availability attacks on SIP-based VoIP systems. During the call setup between user 1 and user 2, an attacker sends a crafted SIP packet with a “CANCEL” request to the proxy, which in turn cancels user 1’s “INVITE” request, ending the call setup process.

A similar attack is the SIP BYE attack in which a “BYE” request is sent instead of the “CANCEL” request. This terminates the targeted call.
To perform these attacks, an attacker must have the necessary session information, such as caller IDs. A well-implemented VoIP system (business-grade or hardware-based) will typically not be directly exposed to the Internet. To gain the information needed for these attacks, an attacker will generally abuse a vulnerable server to plant a Trojan through which they can attack the VoIP system and perform man-in-the-middle attacks, which can be a difficult task.
To reduce the risk of these attacks being successfully carried out on your VoIP system, ensure that you regularly patch all VoIP-related servers and devices.
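A detection check for the CANCEL and BYE cases above, as an added example that is not part of the original page: it tracks calls by Call-ID and flags a CANCEL whose source or top Via branch differs from the INVITE, and a BYE from an address that never took part in the call. It assumes a sensor that sees each message's real source IP (no NAT or intermediate proxies); `parse`, `detect`, `msg` and the sample traffic are constructed for illustration.

```python
import re

def parse(raw):
    """Return (kind, call_id, top_via_branch); kind is a method or a status code."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = head[0].split()
    if len(parts) < 2:
        return None, None, None           # not a SIP start line
    kind = parts[1] if parts[0].startswith("SIP/") else parts[0]
    call_id = branch = None
    for line in head[1:]:
        name, _, value = (p.strip() for p in line.partition(":"))
        if name.lower() in ("call-id", "i"):                    # "i" is the compact form
            call_id = value
        elif name.lower() in ("via", "v") and branch is None:   # top-most Via only
            m = re.search(r";\s*branch=([^;,\s]+)", value)
            branch = m.group(1) if m else ""
    return kind, call_id, branch

def detect(messages):
    """messages: iterable of (source_ip, raw_sip). Returns a list of alert strings."""
    calls, alerts = {}, []
    for src, raw in messages:
        kind, call_id, branch = parse(raw)
        call = calls.get(call_id)
        if kind == "INVITE" and call is None:
            calls[call_id] = {"caller": src, "branch": branch, "peers": {src}}
        elif call is None:
            continue                      # no tracked call for this Call-ID
        elif kind == "200":
            call["peers"].add(src)        # simplification: any 200 marks the answering side
        # RFC 3261 section 9.1: a CANCEL reuses the top Via branch of its INVITE.
        elif kind == "CANCEL" and (src, branch) != (call["caller"], call["branch"]):
            alerts.append(f"CANCEL mismatch call={call_id} src={src}")
        elif kind == "BYE" and src not in call["peers"]:
            alerts.append(f"BYE from non-participant call={call_id} src={src}")
    return alerts

def msg(start, branch, call_id):
    return f"{start}\r\nVia: SIP/2.0/UDP h.invalid;branch={branch}\r\nCall-ID: {call_id}\r\n\r\n"
# Constructed sample traffic (documentation addresses, invented Call-IDs and branches).
SAMPLE = [
    ("192.0.2.10", msg("INVITE sip:user2@example.invalid SIP/2.0", "z9hG4bKaaa", "c1")),
    ("203.0.113.66", msg("CANCEL sip:user2@example.invalid SIP/2.0", "z9hG4bKzzz", "c1")),
    ("192.0.2.10", msg("INVITE sip:user2@example.invalid SIP/2.0", "z9hG4bKbbb", "c2")),
    ("192.0.2.20", msg("SIP/2.0 200 OK", "z9hG4bKbbb", "c2")),
    ("192.0.2.20", msg("BYE sip:user1@example.invalid SIP/2.0", "z9hG4bKccc", "c2")),
    ("203.0.113.66", msg("BYE sip:user1@example.invalid SIP/2.0", "z9hG4bKddd", "c2")),
]
```

Calling `detect(SAMPLE)` returns two alerts, one for the mismatched CANCEL on call `c1` and one for the BYE from the non-participant on call `c2`; the callee's own BYE is not flagged.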
DoS Attack
The diagram below shows an attacker performing two different types of denial of service (DoS) attacks.

The attack on the SIP server utilises known vulnerabilities in either the SIP implementation on the server, or known vulnerabilities in the underlying infrastructure and operating system of the server, to disrupt VoIP accessibility.
The attack on the Internet Phone Gateway involves flooding VoIP servers (or endpoints) with control frames or media packets. If successful, the target device is unable to process new calls, and in-session calls may disconnect.
Service Abuse
The diagram below illustrates an attacker exploiting an Internet phone gateway to gain illegitimate access to VoIP call functionality. One of the larger-scale VoIP service theft cases is highlighted here.
