Sjur Usken

Views on new technologies and business opportunities from Sjur Usken

More automatic VoIP attacks – 10 000 hits in minutes…

Over 10 000 hits on one single VoIP honeypot within minutes. This is becoming the norm.

How they do it:

  1. They use SIPVicious to scan with SIP OPTIONS messages.
  2. If they get a response, the scan is followed up with SIP REGISTER on all extensions from 100 to 9999.
  3. Then they pick an EXTENSION and brute-force the password on it (another load of REGISTERs).
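
The three stages above leave a recognizable trail per source IP in SIP logs. The following detection sketch is an added example, not code from the original post; the four-field log format, the thresholds, and the sample addresses are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Thresholds are assumptions for illustration; tune them to your own traffic.
ENUM_MIN_EXTENSIONS = 20   # distinct extensions REGISTERed from one source
BRUTE_MIN_ATTEMPTS = 10    # REGISTERs against a single extension

def classify_sources(log_lines):
    """Return {src_ip: [stages]} for lines shaped '<time> <src_ip> <METHOD> <extension|->'."""
    options_seen = set()
    registers = defaultdict(Counter)   # src_ip -> Counter(extension -> attempts)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash on them
        _, src, method, ext = parts
        if method == "OPTIONS":
            options_seen.add(src)
        elif method == "REGISTER" and ext != "-":
            registers[src][ext] += 1
    report = {}
    for src in sorted(options_seen | set(registers)):
        stages = []
        if src in options_seen:
            stages.append("options-scan")
        per_ext = registers.get(src, Counter())
        if len(per_ext) >= ENUM_MIN_EXTENSIONS:
            stages.append("extension-enumeration")
        hammered = sorted(e for e, n in per_ext.items() if n >= BRUTE_MIN_ATTEMPTS)
        if hammered:
            stages.append("password-bruteforce:" + ",".join(hammered))
        report[src] = stages
    return report

def build_sample_log():
    """Constructed sample: one source walking all three stages, one normal phone."""
    lines = ["10:00:00 203.0.113.7 OPTIONS -"]
    lines += [f"10:00:{1 + i // 10:02d} 203.0.113.7 REGISTER {ext}"
              for i, ext in enumerate(range(100, 140))]
    lines += ["10:01:00 203.0.113.7 REGISTER 105"] * 25
    lines += ["10:02:00 198.51.100.20 REGISTER 201"] * 3
    return lines

if __name__ == "__main__":
    for src, stages in classify_sources(build_sample_log()).items():
        print(src, stages or ["no-alert"])
```

A source that shows all three stages is a strong candidate for an access-list block; a source with only a few REGISTERs for one extension is left alone.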

What does this have to do with you?

If you have a VoIP platform which handles REGISTER or INVITEs on a public IP, you BETTER have good passwords! And you need to be able to handle large loads if you have no protection!

If you can lock it down based on access lists or with VPN, do so now!

