I am at ICMP3 a nice hacker's event meeting nice people and having fun with lots of HW and SW. I will give a speech tomorrow, for which I still have to prepare some slides.
I was assuming I can find a lot of VoIP/SIP HW here to play around with, but I was a little bit disappointed not to find too much. I had prepared a piece of SW to stress VoIP phones (later there will be more on this), I also had success on all of them (as in crashing them).
The only exception is a Cisco 7905 SIP phone, where I couldn't even get to the point of attacking the SIP stack or codecs. The market leader in IP networking HW has implemented a remote reboot procedure: