More automatic VoIP attacks – 10 000 hits in minutes…
January 14, 2010
Posted by on
Over 10 000 hits on one single VoIP honeypot within minutes. This is becoming the norm.
How they do it:
- They use SIPVicious to scan with SIP OPTIONS messages.
- If they get a response, this scan followed up with SIP REGISTER on all extensions from 100 to 9999
- Then they pick an EXTENSION and do brute force password on it. (another load of REGISTER)
What does this have to do to you?
If you have a VoIP platform which handles REGISTER or INVITES on a public IP, you BETTER have good passwords! And you need to handle large loads if have no protection!
If you can lock it down based on access lists or with VPN, do so now!