[ale] SIP attack
- Subject: [ale] SIP attack
- From: warlord at MIT.EDU (Derek Atkins)
- Date: Fri, 15 Oct 2010 11:07:21 -0400
- In-reply-to: <1287086085.32135.121.camel@cfowler-desktop> (Chris Fowler's message of "Thu, 14 Oct 2010 15:54:45 -0400")
- References: <[email protected]> <1287086085.32135.121.camel@cfowler-desktop>
Chris Fowler <cfowler at outpostsentinel.com> writes:
> Our PBX was attacked and hacked. Lost about $72 in SIP charges. I've
> implemented fail2ban and have changed our passwords. Looking at other
> things to do as well.
>
> I know fail2ban works because there was an attempt today and fail2ban
> did exactly what it should.

Sorry to hear that their attack was successful. I've seen similar
attacks against my asterisk server. I've got a script set up using
swatch to implement IP banning. I was going to look at fail2ban but
didn't want to spend the time to learn a new tool.

One thing to be careful about when using these tools is DoS attacks against
your real upstream VoIP provider. SIP is UDP based, so an attacker
could forge the source IP as that of your VoIP provider and thereby call
fail2ban to block your real service provider.

-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
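
The spoofed-source risk raised in the message above, as an added example that is not part of the original post or either poster's script: a log-driven ban decision that counts failed SIP registrations per source but never bans an allowlisted upstream provider range. The provider range, threshold, window and the log lines are constructed assumptions, with the lines modelled on chan_sip failed-registration notices.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values: replace with your provider's real signalling range and your own policy.
NEVER_BAN = [ipaddress.ip_network("192.0.2.0/28")]  # constructed upstream provider range
MAX_FAILURES = 3
WINDOW = timedelta(minutes=10)

# Failed-registration notice; the optional :port covers variants that log it.
LINE_RE = re.compile(
    r"^\[(?P<ts>[\d\- :]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from .* "
    r"failed for '(?P<ip>[0-9.]+)(?::\d+)?'"
)

def decide_bans(lines):
    """Return (banned, skipped): sources to block, and allowlisted sources that
    reached the threshold and should raise an alert instead of a block."""
    recent = defaultdict(deque)
    banned, skipped = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = ipaddress.ip_address(m["ip"])
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > WINDOW:      # drop failures older than the window
            hits.popleft()
        if len(hits) < MAX_FAILURES or ip in banned or ip in skipped:
            continue
        if any(ip in net for net in NEVER_BAN):
            skipped.append(ip)            # source may be forged; blocking cuts the trunk
        else:
            banned.append(ip)
    return [str(i) for i in banned], [str(i) for i in skipped]

def _fail(ts, ip):
    # Builds one constructed sample log line.
    return (f"[{ts}] NOTICE[2211] chan_sip.c: Registration from "
            f"'\"100\" <sip:100@203.0.113.1>' failed for '{ip}' - Wrong password")

SAMPLE_LOG = (
    [_fail(f"2010-10-15 11:00:0{i}", "198.51.100.7") for i in range(3)]   # real brute force
    + [_fail(f"2010-10-15 11:01:0{i}", "192.0.2.5") for i in range(3)]    # provider address
    + [_fail(f"2010-10-15 11:02:0{i}", "203.0.113.9") for i in range(2)]  # under threshold
)

if __name__ == "__main__":
    print(decide_bans(SAMPLE_LOG))
```

In fail2ban the same exemption is expressed with the `ignoreip` option in the jail configuration.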