Kamailio releases Version 3.1

Kamailio, formerly OpenSER, released version 3.1.0 on October 6th. Packed with some amazing features, the new version of Kamailio represents continued integration with the SIP Express Router (SER) software.

New features from 3.1 include:

VoIP Users Conference SIP Hacks Discussion Brings the Heat

The VoIP Users Conference provides an open-to-all weekly conference call where anyone can engage in discussions related to, well, VoIP. Sometimes the conversations discuss new technologies / products. Sometimes discussions center around implementation. And lately, conversations may focus on security.

Last week, Ward Mundy, Tim Panton, Karl Fife, Leif Madsen, Yours Truly, and many other regulars discussed a SIP Caller ID Injection Hack. As in all conversations, opinions differ. My position about where to best filter this injection differed from Ward Mundy’s thoughts… and, courtesy of the VoIP Users Conference, you can listen to the conversation and form your own opinions.

Although, next time… maybe you’d enjoy actively participating in our conversations rather than listening to the replay. :)

SIP Hacks: who should filter what, where? (VoIP Users Conference)

(The VoIP Users Conference provides weekly live discussion about VoIP, SIP, Asterisk and all kinds of telephony-related topics every Friday at 12pm EST. For more information, please visit http://vuc.me.)

SIP Attacks From Amazon EC2 Cloud Continue

Attacks from the cloud.

Just over a month ago, we reported that SIP attacks from the Amazon EC2 cloud were on the rise. While the attacks we received last month were limited to “extension only” registration attempts, one of the attacks we received this morning included what we assume was a standard dictionary attack.

The first attack came from 204.236.245.101. In less than 60 seconds, this IP attempted more than 11,500 registrations against our server. Most of these were 4-digit extensions (download the log (zipped) here). The second attack came from 184.73.4.183. In less than 90 seconds, this IP attempted more than 21,000 registrations against our server, including what we think is a standard dictionary attack complete with root, postmaster, pixadmin, etc. (download the log (zipped) here).

Continue reading

Amazon EC2 SIP Brute Force Attacks on Rise

Attacks from the cloud.

Update #1: 12 APR 2010. Amazon NOC’s response.
Update #2: 12 APR 2010. Amazon Statement.
Update #3: 13 APR 2010. Amazon Response.

Complaints of rampant SIP Brute Force Attacks coming from servers with Amazon EC2 IP Addresses cause many admins to simply drop all Amazon EC2 traffic. Generally, SIP brute force attacks attempt to register various peer names to a system and/or attempt to guess passwords of known/guessed peers or endpoints.

The complaints mentioned this weekend show an excessive amount of traffic; with some providers claiming 6GB of traffic dedicated to such attacks. Since we ourselves received an attack from an Amazon hosted server, we also reported and complained to the Amazon NOC/Abuse depts. As of this posting, no response or acknowledgement has been received from Amazon. The response from Amazon is below. Continue reading

Cisco SIP Denial of Service Vulnerabilities

Cisco recently announced a Denial of Service vulnerability within the SIP implementation of the Cisco IOS Software. Cisco devices running affected Cisco IOS Software versions that are configured to process SIP messages are affected. The vulnerability allows a remote attacker to reload a device and/or execute remote code.

Cisco recommends removing SIP support unless needed. “If the affected Cisco IOS device requires SIP for VoIP services, SIP cannot be disabled, and no workarounds are available. Users are advised to apply mitigation techniques to help limit exposure to the vulnerabilities. Mitigation consists of allowing only legitimate devices to connect to affected devices. To increase effectiveness, the mitigation must be coupled with anti-spoofing measures on the network edge. This action is required because SIP can use UDP as the transport protocol.”

The full advisory is reprinted below: Continue reading

Verizon Announces SMB VoIP Package

Verizon recently issued a press release in which they introduced two new “packages” aimed at helping small to medium sized businesses through “rough economic times.” Although the packages are detailed and named in the press release (reprinted below), the release and website are a little lacking in information regarding costs and fees. If Verizon will be making it easier (and more cost-effective) to get SIP Trunks to end users, this may open a great window for PBX systems such as Asterisk, SwitchVox, FreeSWITCH, and more.

The press release follows:

Small and Medium-Sized Business Options Are Focus of Verizon Global Wholesale Offers

Voice Over IP and Powerful Internet Access Packages Bolster Business Success In Rough Economic Times

March 15, 2010

NEW YORK – At a time when small and medium-sized businesses look for every technological advantage to help them continue as the fundamental economic growth engine in the U.S., Verizon is providing support with three new voice-over-IP and Internet packages available through the Verizon Global Wholesale division. Continue reading

VoicePulse Minimum Usage Requirement

VoicePulse announced today in an email that Business and Wholesale accounts will be required to meet a minimum usage of $10/month. They also advised that their Terms of Service had been updated to reflect the change. The company, targeting users who use the service as a backup provider, encouraged account holders to contact a representative to discuss becoming the “Primary” provider.

The email follows: Continue reading

Asterisk Security Release Announced

The Asterisk team of Digium announced new versions of Asterisk in reference to a potential security issue. The release highlights best practices and hopes to raise awareness of some potential security issues and injection statements. The announcement follows:

The Asterisk Development Team has announced security releases for the following versions of Asterisk: Continue reading

Skype for Asterisk Beta Limited Time Offer

Hi, VoIP Tech Chat here introducing a BRAND NEW download from Digium, the company bringing you Asterisk. Are your Skype calls limiting you to sitting in front of your computer? Do you ever forget to plug in your microphone and lose audio? Well, Digium has the perfect product for you!

Skype for Asterisk Beta is a download that lets you integrate your Asterisk system with the Skype network.

With Skype for Asterisk, you can: Continue reading