Sjur Usken

Views on new technologies and business opportunities from Sjur Usken

But the Romanians keep hacking..


32 people was apprehended in Romania, but the VoIP hacking continues from this country. Low wages, highly educated people and not too many jobs often forces people to start hacking, combined with low risk of being caught.

This was from IP 188.24.194.155 caught in a SIP honeypot belonging to Honeynet Project.

REGISTER sip:IP.removed SIP/2.0
Via: SIP/2.0/UDP 192.168.0.135:5060;rport;
branch=z9hG4bK6640
From: <sip:1234@IP.removed>;tag=3202
To: <sip:1234@IP.removed>
Call-ID: 14862
CSeq: 1 REGISTER
Contact: <sip:1234@192.168.0.135>
Max-Forwards: 70
User-Agent: Linphone/3.3.99.9 (eXosip2/3.3.0)
Expires: 3600
Content-Length: 0

Normal procedures is to use SIPvicious to do scanning, then use Linphone or other softphone to test out if you can dial out on the discovered IP PBX.

VoIP admins, do a pen-test on your own system and lock it down. This is, sadly, just the start….

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: