Bot attacks could hide in VoIP traffic
2006-01-26
A discovery by a Cambridge professor this week highlights an easy to perform denial-of-service (DoS) attack using VoIP as a wrapper for the malicious traffic.
As a growing amount of VoIP traffic is passed across the internet, concern is being raised that bot networks could be orchestrated to overlay VoIP on their attacks, thereby preventing detection of the source. Without the ability to trace control messages -- as is the method with current DoS attacks -- the attacks will be difficult to shut down, further complicating an already troublesome problem.
Although there are no reports of this technique being used yet, the professor who exposed the method has written demonstration code with little difficulty, according to a Techworld article.
Critics of the technique have responded that any protocol could be used as a hidden signaling channel, and hinted that VoIP is being picked on. The pervasiveness of the VoIP protocol may make it more attractive than others, however only time will tell.