This document discusses VoIP security threats like fraud and denial of service attacks. It provides examples of VoIP fraud causing losses of thousands of dollars or euros. It also describes common VoIP attacks like extension/password brute forcing, INVITE attacks, and exploiting default passwords. The document demonstrates using the Metasploit framework to launch SIP-based denial of service floods and discusses countermeasures like firewalls, monitoring, and session border controllers. It includes exercise notes about configuring Kamailio to defend a VoIP provider serving a lawless island from various attacks.