CHAPTER 30 Security Issues in VoIP Telecommunication Networks 771 30.4.1. VoIP Call Detour A call detour is the process of transparently diverting RTP voice streams of any call to a remote machine (attacker) on the Internet [3], as shown in Figure 30-10. A VoIP call detour is con- sidered in four scenarios: (1) a PSTN phone calls an AT&T SIP phone; (2) an AT&T SIP phone calls a PSTN phone; (3) a PSTN phone calls a Vonage SIP phone; and (4) a Vonage SIP phone calls a PSTN phone. It is assumed that there is a MITM between the SIP phone and the SIP server who is also connected with a remote server. The detour attack is performed between an AT&T SIP phone and a PSTN phone to demon- strate the vulnerability of VoIP calling. 1. The MITM attacker intercepts the INVITE message from either the SIP phone or the SIP server and sends a copy to the remote device with the stolen IP address and port number. 2. The MITM attacker modifies the SDP part of the INVITE message with the IP address and port number of a remote device. Then, he/she sends this modified message to the original destination. ATT SIP server(s) MITM Remote device SIP phone