"Firewall scans reveal open ports and tools can map likely protocols; however, VoIP-aware firewalls close these ports so they are only open when they need to carry calls."

Both Wise and Endler said the solution is to disable VoIP Web servers, change default usernames, passwords and voicemail greetings.