Category Archives: VoIP

Google 86′s Google 411

Posted on by
5
G-g-g-g-g-google.

G-g-g-g-g-g-google.

I love my Droid. That being said… my love for Google wanes like a loveless marriage from a white, suburban utopia. I’m comfortable with Google, but the love affair is over. Both of us want different things from our relationship.

I want Google to be a kinder, gentler corporation. The one that doesn’t scream M-M-M-Max Headroom and make me think that the next leader of Google, Inc. may indeed be named Darth Vader.

One of the products that I loved from Google was GooG411. Using it was simple. Continue reading

Props. Respect. Tsahi Levent-Levi.

Posted on by
5

It’s great to be noticed… so today, we’re giving (in the style of Ali G) mad props and RESPECT to Tsahi Levent-Levi for mentioning VoIP Tech Chat in his article “My 50+ non-Top VoIP Blogs of 2010.” Sure it sucks to officially be a “non-top” VoIP Blog, but then again– who are we kidding here? We’ve got a freakin’ picture of Ben Affleck on our header.

You know, Levent-Levi’s 50+ non-Top blogs actually feature some of our must read blogs. We’re listed along with Michael Graves, Dave Michels, and even Jeff Pulver (all required reading).

About Tsahi Levent-Levi

Tsahi Levent-Levi is a seasoned product manager and system architect at RADVISION. His experience includes product management and development, project management, with a strong background in development and management of complex VoIP projects. Tsahi currently manages a wide range of VoIP and 3G client products, which enjoy significant market share in the industry.

Dear Comcast…

Posted on by
3

Dear Comcast,

Comcast...Cares?

Comcast...Cares?

I am leaving you this note on the fridge because I can’t bear to face you.  I can’t bear seeing the look in your eyes when I tell you that it’s over. This off again, on again blamefest has come to an end. I was always there to support you financially, but you never reciprocated with the kind of love, the kind of consistency I needed in my life.

This isn’t easy for me. As I close this chapter in the book that is yet to be finished, I know I will look back on our times together with some hints of fondness. I am sure we will cross paths again, someday. I hope that we can smile, exchange greetings, show each other a base level of respect and courtesy.

I have taken the liberty of leaving all of your things at your office, so, aside from this note, this is goodbye.

Or is it…

Continue reading

VoIP Users Conference SIP Hacks Discussion Brings the Heat

Posted on by
3

The VoIP Users Conference provides an open-to-all weekly conference call where anyone can engage in discussions related to, well, VoIP. Sometimes the conversations discuss new technologies / products. Sometimes discussions center around implementation. And lately, conversations may focus on security.

Last week, Ward Mundy, Tim Panton, Karl Fife, Leif Madsen, Yours Truly, and many other regulars discussed a SIP Caller ID Injection Hack. As in all conversations, opinions differ. My position about where to best filter this injection differed than Ward Mundy’s thoughts… and, courtesy of the VoIP Users Conference, you can listen to the conversation and form your own opinions.

Although, next time… maybe you’d enjoy actively participating in our conversations rather than listening to the replay. :)

SIP Hacks: who should filter what, where? (VoIP Users Conference)

(The VoIP Users Conference provides weekly live discussion about VoIP, SIP, Asterisk and all kinds of telephony-related topics every Friday at 12pm EST. For more information, please visit http://vuc.me.)

SIP Attacks From Amazon EC2 Cloud Continue

Posted on by
20

Attacks from the cloud.

Just over a month ago, we reported that SIP attacks from the Amazon EC2 cloud were on the rise. While the attacks we received last month were limited to “extension only” registration attempts, one of the attacks we received this morning included what we assume was a standard dictionary attack.

The first attack came from 204.236.245.101. In less than 60 seconds, this IP attempted more than 11,500 registrations against our server. Most of these were 4 digit extensions (download the log (zipped) here). The second attack came from 184.73.4.183. In less than 90 seconds, this IP attempted more than 21,000 registrations against our server; including what we think is a standard dictionary attack complete with root, postmaster, pixadmin, etc. (download the log (zipped) here).

Continue reading

Michael Graves Discusses PBXact

Posted on by
2

I’ve said before that I’m a big (not a fat reference) fan of Michael Graves’ blog. Continuing his promotion of the wicked cool and useful†, Mr. Graves recently wrote about Schmooze Communications’ PBXact system.

It’s a GREAT read and I leave you with this: Magic Button. (read the article)

Related links:

†Yes… Wicked cool and useful. If it doesn’t meet the criteria for both, it doesn’t make his blog.

FreePBX Security Vulnerability

Posted on by
3

I do love their logo.

Ward Mundy, of Nerd Vittles / PBX in a Flash fame, warns of a FreePBX Security Vulnerability allowing a system to be compromised simply by displaying a CDR report in the FreePBX browser.

There is a very serious security vulnerability that needs to be patched by loading the very latest version of FreePBX Framework as soon as it becomes available for your version of FreePBX. Just displaying a CDR report in the FreePBX browser could compromise your system.

The 2.5 and 2.6 patches already have been released and probably 2.7 as well. Load this patch IMMEDIATELY!!!

Setup, Module Admin, Check for Updates on Line, Upgrade All

2.5.2.3: #4223 Security Vulnerability
2.6.0.2: #3805, #3707, #4188, #4223 Security Vulnerability

For more information, check out the PBX in a Flash Forum.

Truth in Caller ID Act Passes House

Posted on by
5

Last year, the Senate passed the Truth in Caller ID Act of 2009 (S. 30 passed unanimously) and this year, the House moved forward on their own version. Of course, moving at the speed of government, the House passed the Truth in Caller ID Act of 2010.

Truth in Caller ID Act of 2009 – Amends the Communications Act of 1934 to make it unlawful for any person in the United States, in connection with any telecommunication service or VOIP (voice over Internet protocol) service, to cause any caller identification service to transmit misleading or inaccurate caller identification information (“spoofing”) with the intent to defraud or cause harm. Prohibits construing these provisions to prevent blocking caller identification or to authorize or prohibit law enforcement or U.S. intelligence agency activities.

Continue reading

Amazon EC2 SIP Brute Force Attacks on Rise

Posted on by
53

Attacks from the cloud.

Update #1: 12 APR 2010. Amazon NOC’s response.
Update #2: 12 APR 2010. Amazon Statement.
Update #3: 13 APR 2010. Amazon Response.

Complaints of rampant SIP Brute Force Attacks coming from servers with Amazon EC2 IP Addresses cause many admins to simply drop all Amazon EC2 traffic. Generally, SIP brute force attacks attempt to register various peer names to a system and/or attempt to guess passwords of known/guesses peers or endpoints.

The complaints mentioned this weekend show an excessive amount of traffic; with some providers claiming 6GB of traffic dedicated to such attacks. Since we ourselves received an attack from an Amazon hosted server, we also reported and complained to the Amazon NOC/Abuse depts. As of this posting, no response or acknowledgement has been received from Amazon. The response from Amazon is below. Continue reading

FCC Powerless on Net Neutrality

Posted on by
1

Comcast fought the law, and the law lost. In a big win for Comcast and a big loss for net neutrality advocates, a Federal Appeals court ruled that the FCC lacks the authority to regulate how an internet provider handles network traffic. The case stemmed from an order in 2008 prohibiting Comcast from blocking bit-torrent traffic.

The 36 page ruling written by Judge Tatel (download here), cites many cases and regulations concerning both the FCC and their powers. While acknowledging that Congress gave the FCC broad powers to regulate rapidly changing technology, the Court stated that the FCC failed to tie it’s authority to regulate Comcast’s Internet service to any “statutorily mandated responsibility.”

Although I wished to have a stronger decision for Net Neutrality, I do welcome the reigning in of the FCC. It’s a lose/lose case (in my humble opinion). Either Comcast loses and the FCC grows stronger. Or Comcast wins and Net Neutrality grows weaker. Can’t say that the Average Joe would have won in the long run either way.

Additional Information: