William Herrin wrote:
On Wed, Oct 6, 2010 at 10:37 AM, Dan White <dwhite@olp.net> wrote:
If your PBX is SIP based, you might be victim of a SIP registration hijack, which are on the rise, based on traffic we've been seeing in our network.
I had my unpublished asterisk box up for all of two days before getting half a megabit per second worth of false SIP registration attempts. Filled /var/log. I had to write a script to dynamically filter source IPs with too many failures.
Regards, Bill Herrin
"A Simple Asterisk Based Toll Fraud Prevention Script" http://www.infiltrated.net/asterisk-ips.html Cheap marketing of a free RBL for VoIP: http://www.infiltrated.net/voipabuse Anyhow, I spoke about this last week (toll fraud abuse via IP PBX tricksters). Show # 275 http://www.talkshoe.com/talkshoe/web/talkCast.jsp?masterId=22622&cmd=tc http://voipsa.org/blog/2010/09/29/voip-attackers-sometimes-they-come-back/ http://voipsa.org/blog/2010/09/28/voip-abuse-project/ -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett 227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E