What is a SIP Threat Management Device (STM)?

By Allo.com

You may be familiar with UTM – Unified Threat Management device, but have you come across an STM – SIP Threat Management device, that is used to protect the IP PBX and IP Phones/Telephony infrastructure from threats/attacks?

Here is a guest post by Martin Andre Strul of Allo.com, manufacturer of STM device, Analog/Digital Telephony cards, and Analog telephone adapters, VOIP gateways, PBX systems, IP Phones and more.

What is STM and how it can help you secure your VOIP infrastructure?

The STM – SIP Threat Management device, is installed in front of any SIP based PBX system or gateway and offers extra layers of security against numerous types of attacks that are targeted towards IP telephony infrastructure. The features offered by the STM complement those of a traditional firewall or UTM, and it can be installed in conjunction with a UTM.

Every year the number of PBX fraud victims increases dramatically. More and more companies are targeted by individuals who are looking to bring down or exploit the communications system. Some do it for fun and others for illicit profit, but the end result is always the same… The victim company goes through hell!


In this article, we will expose the numerous threats your unprotected IP telephony infrastructure faces and which are blocked by the STM.

Things to be considered

– The law is clear, you are the only responsible for the security of your phone system and any charges generated from it.
– You will pay on average 5,000$ USD to 80,000$ per attack to your carrier.
– Downtime of your whole system is very common.
– In some cases you will have to find a different carrier.

Overview of the most common attacks to PBXs today and how the STM handles them

1. SIP Device Fingerprinting: The hacker will try to identify which PBX software is running or which hardware you are using. Once he gets this info, he will look for their weaknesses and attack accordingly. The STM will simply not answer to such requests leaving the hacker in the dark.

2. User enumeration: The hacker will request the system to divulge the extension numbers. Once he gets this info, he can then start looking for the passwords. The STM will not give out this info.

3. Password Cracking Attempt: The hacker will try different user names and passwords in order to gain access to an extension or the admin panel of the PBX. The STM can be configured to block an IP if more than 10 trials are done within 10 minutes, for example.

4. PHREAKERs: These guys take advantage of your negligence and steal from you without really hacking anything… They just check the most common/default user names and passwords used and if they get lucky, it’s a bad day for the victim.

5. The Hardcore Scammer: Using scripts and special tools, these criminals know exactly what they are doing and have the knowledge to hack and exploit an unprotected phone system. The list of scams they can run is long but it can range from setting up an extension in your system and using it to sell cheap international calls, to more elaborate FAX back or CALL back scams where they use your system to call very expensive / minute phone numbers they control…

6. DoS/DDoS attacks: These are designed to flood your PBX with an exaggerated numbers of packets. Their goal is to bring down your communication system and render it unusable. The STM will dynamically block for a pre-determined period of time, the IP or IPs from which these attacks originate.

7. Cross Site Scripting attacks: These are amongst the most complex and hard to achieve. A script is injected in your PBX by the hacker and can program it to do all kind of malicious actions such as having all your extensions ring at once. The STM blocks off the intent and IP address (es) trying to do that.


Manufacturer’s message: The ALLO.com STM uses the SNORT based real-time deep packet inspection engine, which is in fact a large database of known threats to PBXs. Much like a terrorist watch list, the STM uses this list to check each SIP packet heading towards your system and blocks any malicious packet as well as its originating IP.

Investing in an STM to protect your communications network is a must.

For more info, visit: http://allo.com/stm.html

If you are a system integrator, an IT person in your office, someone involved with VOIP security and wants to learn more about this unit or just interested in reviewing the STM, contact us for a demo today!