VOIP Security threats

http://www.globetechnology.com/servlet/story/RTGAM.20051012.gtslabyoct12/BNStory/Technology/
VoIP-specific security threats include:

Service Availability Attacks: DoS (Denial of Service) attacks, Spam and viruses can impact the quality of VoIP services or make them unavailable. DoS attacks are designed to flood a target call manager, phone, or VoIP infrastructure with an overwhelming number of spurious service requests or malformed packets. It is expected that voice Spam will fill up users' voicemail boxes, much like email Spam today. Viruses clog the network with unnecessary and useless messages, and exploit weaknesses in operating systems and applications, leading to network instability.

Eavesdropping: Free tools exist on the Internet that allow someone connected to a VoIP network to 'sniff' phone calls. An attacker can listen, copy, alter, and replay confidential phone conversations. For example, in July 2005, a flaw was identified in Cisco's Call Manager that could be exploited so an intruder could listen in to all calls routed through it. The flaw was discovered and addressed before it could be exploited, but this gives a clear idea of the potential for eavesdropping.

Impersonation: Call hijacking can be initiated by faking a network element or any other entity within the VoIP network. A hijacker can impersonate a personal profile or enterprise system to gain access to private information on customers, or disrupt the business of an organization.

Theft of service: Call tracking tools can be used to capture authentication credentials and subsequently spoof legitimate users in order to place calls at the subscriber's expense.

http://www.networkworld.com/cgi-bin/mailto/x.cgi

Great Site
http://hhi.corecom.com/voipsecurity.htm