Sjur Usken

Views on new technologies and business opportunities from Sjur Usken

Monthly Archives: December 2009

Why are there VoIP attacks from port 3058?

Been picking up more and more hits in the VoIP honeypots lately. What puzzles me, is that several of those originate from different IPs but same port number. IANA assigned port 3058 to the following:

videobeans 3058/tcp videobeans
videobeans 3058/udp videobeans

IPs that has hit one or more of our honeypots the latest days:

From port 3058

Other ports

Notice the two consecutive IPs, and .53.

But why port 3058… the reason is probably simple, but for now I’m guessing on the same software running on PCs with a public IP.

We demand the authority to free the free sprectrum!!

Inspired by this talk at Ecomm 2009 by Michael Calabrese. It’s time to let the intelligent wireless units utilize the available spectrum! Why allocate all the frequencies static, when you can divide them both in time, location, height (on ground, in planes..) and dynamically back-off channles in use.

If I had done the same spectrum scan in down-town Oslo, I would have found that the 900 and 1800 MHz channels for GSM and UMTS is utilized, while 2.4GHz is pretty crowded. There would also be some TV channels. But what about the rest??? Why not use it?

Demand a GPS in the senders, where they every 24 hours download what they are allowed to transmit and which frequencies. Just do something…. because the static allocation of frequencies are out of date and we need more (unlicensed) mobile bandwidth!

VoIP used for social engineering hacking

Direct VoIP attacks are escalating, but even as scary is using a hacked VoIP system to extend your social engineering in a firm. This can be done automatically by using hacked PBXes to make the call, to direct attacks towards a (larger) institution where you first hack their VoIP phone central, and then use real accounts on this system for social engineering.

More info about it from The Standard and the FTC “prank” about Vishing.

Take VoIP security more seriously!

I’m glad when people are taking VoIP security more seriously. VoIP will become an even more important service, integrated into everyday life on the Internet.

Ben in the Australian Honeynet Project is now on his third article about VoIP frauds. It is for the general audience and gives you a insight of what drives the hackers to get access to your VoIP system.

Lance Spitzner and I was interviewed for an article in the Norwegian Computerworld edition. Here I argued that it is not necessarily insecure systems with bugs, but rather configuration errors done by the administrators and installers.

Then it’s nice to see people making YuoTube videos of how to make your Asterisk more secure: