Displaying 20 results from an estimated 20 matches for "sipvicious".
2010 Jun 24
2
Friday at 1PM: SIPVicious has a new tool: svcrash
Hi,
Got some great news a few days ago from Sandro Gauci (@SandroGauci)
and we'll be talking about this with him this Friday at 1PM.
SIPVicious, the free security tools for SIP scanning, now include a
new tool: svcrash. It is aimed at helping system administrators stop
bandwidth consuming scans making use of svwar and svcrack. Here is the
announcement on SIPVicious blog:
http://blog.sipvicious.org/2010/06/how-to-crash-sipvicious-introduc...
2010 Aug 18
3
Playing with sipvicious ..
...t's time to introduce yet another parameter to it - which
will cause asterisk to return the same error code for all 3 conditions -
and return the "not found" error, even on bad username or password.
It breaks the RFC even more, but might it be worth it?
(I've just had 30GB of sipvicious traffic sent to my hosted servers in a
12-hour period - it came from what looked like a VPS host in France -
trivially firewalled out, but even dropping the packets didn't stop the
flood! It's so badly written it appears to just ignore any return codes
that it doesn't want, or even...
2017 Mar 28
2
SipVicious scans getting through iptables firewall - but how?
...901 at 46.101.X.X SIP/2.0
163.172.210.65:5089 46.101.X.X:5060 Via:
SIP/2.0/UDP 127.0.1.1:5089;branch=z9hG4bK-786048925;rport
Content-Length: 0
OPTIONS From:
"sipvicious"<sip:100 at 1.1.1.1>;tag=3265363530346630313363340132333439343631383137
13:26:10.350316 > Accept:
application/sdp
User-Agent: friendly-scanner
...
2010 Aug 30
1
Fail2ban integration issues with Asterisk 1.4.21 under Debian Lenny
Hi,
I've recently had a fairly prolonged SIP registration attack, 18 hours in
this case and often with 200 attempts per second, and suspect I've had a
number of these in the past. The main symptom I noticed previously was,
because Asterisk was responding to each registration request it received,
it was very quickly using up my 448 kbps upload limit for my home ADSL
connection: any
2010 Oct 21
5
SIP Blacklisting
...en the recent increase in SIP brute force attacks, I've had a little idea.
The standard scripts that block after X attempts work well to prevent you actually being compromised, but once you've been 'found' then the attempts seem to keep coming for quite some time. Older versions of sipvicious don't appear to stop once you start sending un-reachables (or straight drops). Now this isn't a problem for Asterisk, but it does add up in (noticeable) bandwidth costs - and for people running on lower bandwidth connections. The tool to crash sipvicious can help this, but very few attacker...
2013 Jan 02
8
Auto ban IP addresses
Greetings all,
I have been seeing a lot of
[Jan 2 16:36:31] NOTICE[7519]: chan_sip.c:23149 handle_request_invite:
Sending fake auth rejection for device
100<sip:100 at 108.161.145.18>;tag=2e921697
in my logs lately. Is there a way to automatically ban IP address from
attackers within asterisk ?
Thank you
2010 Oct 15
8
fraud advice
Hi,
Embarrassed as I am to write this, I am hoping for some advice. One of
our very first PBX installs, now six years old, was "taken advantage of"
over the past few weeks. A victim of sipvicious, I assume, that managed
to guess one of the SIP passwords. 4000 calls to various middle eastern
destinations have been placed, which ended up being sent over our
customer's PSTN trunk, and of course there was no warning until the bill
came today. Unfortunately the bill only covered the fi...
2010 Aug 24
2
Attempted SIP connection by foreign host. Help!
Say,
I just picked this up on my messages!
There are a whole host of these requests!
Anyone know who these people are? Is there a way to report them?
Any suggestions as to how to block them?
[Aug 23 10:34:16] NOTICE[1010] chan_sip.c: Registration from '"912" <sip:1 at 41.1.1.1>' failed for '184.106.217.112' - Wrong password
[Aug 23 10:34:16] NOTICE[1010]
2010 Nov 07
3
Why are the hackers scanning for these?
Hey, I'm going thru logs, and I see some very common and interesting things
that the hackers are looking for.
In a whole bunch of scans, I've noticed that the first guess or two for sip
accounts is usually a 10-digit number. I'm asking myself, why these numbers?
Are they looking for a voip trunk? Or is it just like a serial number for the
scan? What?
Here's some examples:
2011 Dec 08
2
AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings
Asterisk Project Security Advisory - AST-2011-013
Product Asterisk
Summary Possible remote enumeration of SIP endpoints with
differing NAT settings
Nature of Advisory Unauthorized data disclosure
Susceptibility Remote
2010 Mar 12
0
Fri March 12th @ 12 noon EST: SIP scanning, security and attacks + Hosted vs on-site voip
...our or so, then a debate about hosted vs local VoIP services.
Hour one guests are Sjur Usken, telecom consultant who has been
working with VoIP since 2002 and helping companies migrate to an all
IP world and Sandro Gauci, a security researcher and consultant based
in, author of VoIP security tools SIPVicious, VOIPPACK and
VOIPSCANNER.com. They'll be talking about a number of realistic VoIP
attacks and what's being exploited by fraudsters for profit.
Hour two we expect Mike Oeth, Junction Networks CEO to join our
regulars to talk about hosted vs local VoIP. There's also
miscellaneous buzz a...
2010 Jul 15
0
Last call for AstriCon talks
...list just yet (that'll be next week) I can
tell you that there are how-to talks on IPv6 (a double-session!) by
the developers of the code (Viagenie), VoIP encryption techniques by
the developer of some of the code (Terry Wilson), and a practical
session on SIP security by the author of SIPVicious (Sandro Gauci.)
If you've talked with me about giving a session, but not actually put
it into the then it's not on the consideration list. I know that
there are quite a few of you who are enthusiastic about giving a
session but haven't quite gained the momentum to fill out the...
2010 Aug 27
1
Protect yourself
Hey all
We are seeing intrusion attempts coming from address 201.47.236.122 today
They were hitting our switches trying to get in. So we blocked them at our
firewall.
Just wanted to put the word out so you all can protect yourself.
Bryant
2010 Oct 03
3
SIP flood attack
Hello all. I was recently the victim of a SIP flood attack. I'm wondering
what is the best method to prevent such things in the future.
Many thanks
Greg
2010 Dec 09
4
Asterisk SIP attacks and sshguard
Hello,
We had been seeing SIP-guessing attacks on our Asterisk server here.
While it wasn't that hard to write a once-a-minute cron job to spank
the lusers, that runs once a minute and creates little spikes in the
usage and I/O graphs, and is slower to respond than I'd really prefer.
I felt that it'd be much cooler to get something more comprehensive
put together. We don't use
2017 Aug 15
6
Detecting DoS attacks via SIP
Hi all,
Lately, I've seen an increase in the number of attacks against my system from the so-called "Friendly Scanner." When one of these script kiddies targets my server, all I see for symptoms is a few of my trunks become lagged due to server load and a stream of messages on the console that resemble this:
[Aug 2 20:27:50] == Using SIP VIDEO CoS mark 6
[Aug 2 20:27:50] ==
2010 Jul 22
3
My Switch is being attacked using sip scanner tool (Service Abuse Attack)
An attacker is scanning my Asterisk Switch to gain illegitimate access to
VoIP call functionality.
Using a sip scanning tool, *it* sends REGISTERs with random identities. And
when it discovers one identity subscribed in my switch, it tries to
authenticate with random passwords using this user name.
For the moment, I have replaced this account. And also blocked the IP it has
used but each time
2010 Sep 13
5
Force ip disconnect after register?
Is there a way to drop an ip connection to asterisk after a number of
register attempts.
I have been having issues with hackers doing registration scanning against
our server. We block their address at the firewall but since asterisk does
not force a drop of the connect after so many bad reg attempts I can't
enforce the block until they drop and try again. This allows them to run
the box
2011 Feb 28
2
asterisk security....again
Hi all,
The problem I have been experiencing since last month is that some of my
customers are getting calls with "Asterisk <Unknown>" caller id. Most of
them in the middle of the night. And my asterisk server has no record of
these calls. The customers were getting irritated as you can imagine. I
guessed the only way to receive incoming calls by by-passing the
registration server
2010 Nov 28
4
Firewalling and Asterisk
Forgive my ignorance on this as I am still fairly new to Asterisk.
I have noticed lately that there have been several attempts to hack our
Asterisk server. I see multiple attempts to log in with a particular
extension from the same IP address, perhaps hundreds of times per
second. It causes the overhead to spike to ~100%. It is more of a pain
in the ass than anything.
So far what I have been