The primary way in which VoIP and UC are changing the threat to enterprise voice networks lies in the increasingly simple and inexpensive ability for attackers to originate SIP calls into the Public Voice Network. The following diagram illustrates this point:
As the Public Voice Network continues to migrate to VoIP, with SIP being the dominant protocol, it has become easy and inexpensive to originate large numbers of concurrent calls (or floods) into this network. While the trunking entry point into enterprises remains primarily TDM, the call origination point is often SIP. On the origination side, the Public Voice Network looks more like the Internet every day from a call generation point of view. This change is accelerating and is out of the control of the enterprise. Service providers are in the business of delivering call and are neither incented nor equipped to address attacks based on call floods. This call-origination transition is occurring independently of how the enterprise chooses to adopt VoIP. This transition represents the most significant threat to enterprise networks.
SIP trunks, consumer/cable SIP offerings, Internet-based SIP services, softphones, and smart phones all combine to make call origination with spoofed caller ID easy and commonplace. It is also simple to use free software, such as the Asterisk/Trixbox IP PBX, sipp call generator, and other freeware tools, to automatically generate calls. A call generation capability can be set up in a manner of hours or days to enable harassing call campaigns, which include annoyance, TDoS, vishing, and voice SPAM (SPAM over Internet Telephony or SPIT). These tools make it possible to generate hundreds or even thousands of concurrent calls A VoIP-aware botnet can fire up and generate tens of thousands of simultaneous calls, and the threat increases with each passing day.