In the context of VoIP, a reconnaissance attack occurs when a malicious party tries to learn information about your network. Reconnaissance scanners are used for unauthorized discovery and mapping of available VoIP systems, services or vulnerabilities.
Before any concentrated effort to purposefully attack a VoIP service, there first needs to be a process of information gathering. In most cases, reconn attacks are precedes for an actual access or DoS attack. First is the discovery of a VoIP service, as the malicious party conducts a SIP scanner sweep of the target network to determine which IP addresses have SIP services that are alive. Then the malicious party determines which VoIP services, accounts, extensions and trunks are active on the live VoIP addresses. From this information, the malicious party can continue later with a more concentrated effort.
The SBC has the ability to identify these SIP scanners and reject them, and thus not reveal the VoIP services. Hiding the VoIP service makes it harder for malicious parties to continue later.
|Download this printable PDF Cheat Sheet for your reference on the powerful capabilities and features of the Session Border Controller.|