SIP Attack
What is SIP Attack?
SIP Attack: An attack against Session Initiation Protocol services, ranging from extension enumeration and password bruteforcing to toll fraud and call hijacking.
SIP (RFC 3261) is the dominant signalling protocol for VoIP, IP-PBX and unified-communications platforms. SIP attacks abuse its weaknesses to enumerate extensions via REGISTER and OPTIONS responses, brute-force SIP credentials with tools like SIPVicious (svmap, svcrack), hijack registrations, or run toll fraud by routing premium-rate calls through a compromised PBX. Other variants include INVITE flooding for SIP-based DDoS, RTP injection, and abuse of SHAKEN/STIR misconfigurations to spoof caller ID. Asterisk, FreePBX and many cloud-PBX deployments are common targets, and the FBI has documented multi-million-dollar toll-fraud losses. Defences include strict ACLs, fail2ban on SIP, strong per-extension credentials, TLS+SRTP, and disabling guest/anonymous calls.
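As an added illustration (not part of the original entry), the sketch below shows the log-side view of the enumeration and password-guessing patterns described above, which is the kind of evidence a fail2ban SIP jail acts on. It assumes Asterisk chan_sip "Registration from ... failed for ..." NOTICE lines with IPv4 sources; the sample log lines, addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict

# Assumed log format: Asterisk chan_sip NOTICE lines for failed REGISTERs (IPv4 only).
FAILED_REG = re.compile(
    r"Registration from '[^']*<sip:(?P<ext>[^@>]+)@[^>]*>' failed for "
    r"'(?P<ip>\d+\.\d+\.\d+\.\d+)(?::\d+)?' - (?P<reason>.+)$"
)

def classify(lines, enum_threshold=5, brute_threshold=5):
    """Map source IP -> list of suspected behaviours (thresholds are hypothetical)."""
    per_ip = defaultdict(lambda: defaultdict(int))  # ip -> extension -> failures
    for line in lines:
        m = FAILED_REG.search(line)
        if m:
            per_ip[m["ip"]][m["ext"]] += 1
    findings = {}
    for ip, exts in per_ip.items():
        tags = []
        # Many different extensions from one source: probing which ones exist.
        if len(exts) >= enum_threshold:
            tags.append("extension-enumeration")
        # Many failures against a single extension: password guessing.
        if max(exts.values()) >= brute_threshold:
            tags.append("password-bruteforce")
        if tags:
            findings[ip] = tags
    return findings

def _line(ext, ip, reason):
    # Builds one constructed log line in the assumed format.
    return (f"[2024-01-01 03:12:45] NOTICE[2112] chan_sip.c: Registration from "
            f"'\"{ext}\" <sip:{ext}@192.0.2.1>' failed for '{ip}:5060' - {reason}")

# Constructed sample: one scanner, one password guesser, one user typo.
SAMPLE_LOG = (
    [_line(e, "198.51.100.7", "No matching peer found") for e in range(100, 106)]
    + [_line(201, "203.0.113.50", "Wrong password")] * 5
    + [_line(300, "192.0.2.20", "Wrong password")]
)

if __name__ == "__main__":
    for ip, tags in classify(SAMPLE_LOG).items():
        print(ip, ", ".join(tags))
```

The single failed registration from 192.0.2.20 stays below both thresholds, so an ordinary mistyped password is not flagged.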
● Examples
- 01: SIPVicious svcrack guessing weak extension passwords on an exposed Asterisk PBX.
- 02: Toll fraud where attackers route thousands of premium calls overnight through a compromised PBX.
● Frequently asked questions
What is SIP Attack?
An attack against Session Initiation Protocol services, ranging from extension enumeration and password bruteforcing to toll fraud and call hijacking. It belongs to the Attacks & Threats category of cybersecurity.
How do you defend against SIP Attack?
Defences for SIP Attack typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for SIP Attack?
Common alternative names include: VoIP attack, SIP toll fraud, SIPVicious scan.
● Related terms
- Phreaking (attacks, № 822): The classic art of manipulating telephone systems — originally analog PSTN, now VoIP and SS7 — to make free or unauthorized calls.
- Credential Stuffing (attacks, № 232): An automated attack that replays large lists of username/password pairs leaked from one service against other services, exploiting password reuse to take over accounts.
- Vishing (attacks, № 1205): Phishing conducted over voice channels — phone calls or VoIP — to manipulate victims into revealing credentials, payments, or remote access.