DNS and registration poisoning are clever attacks, which use your SIP server infrastructure to send unauthorized calls. Actually, the attack is against the authorization process rather than authentication. Once a user has a valid account, it can send unauthorized calls to PSTN. Let's start explaining DNS poisoning, which is simpler. It exploits the possibility in a service provider to make calls to foreign domains. We will describe the following attack steps:
Get a valid account.
Make a legitimate call to PSTN and get the gateway's IP in the Contact header.
Change your DNS server to point a valid fully qualified domain name (FQDN) to the gateway's IP.
Initiate a call to the valid FQDN. In many places such as universities, the system allows you to make free calls to external domains, for example, calling to
mit.edu
fromsip.edu
.
Let's suppose that you want to make a call to an external international number such as +4423456789:
Once you have a valid account...