January 14, 2011
Posted by on
32 people was apprehended in Romania, but the VoIP hacking continues from this country. Low wages, highly educated people and not too many jobs often forces people to start hacking, combined with low risk of being caught.
This was from IP 22.214.171.124 caught in a SIP honeypot belonging to Honeynet Project.
REGISTER sip:IP.removed SIP/2.0
Via: SIP/2.0/UDP 192.168.0.135:5060;rport;
CSeq: 1 REGISTER
User-Agent: Linphone/126.96.36.199 (eXosip2/3.3.0)
Normal procedures is to use SIPvicious to do scanning, then use Linphone or other softphone to test out if you can dial out on the discovered IP PBX.
VoIP admins, do a pen-test on your own system and lock it down. This is, sadly, just the start….