search for: voippack

Asterisk Project Security Advisory - AST-2011-013 Product Asterisk Summary Possible remote enumeration of SIP endpoints with differing NAT settings Nature of Advisory Unauthorized data disclosure Susceptibility Remote

...hen a debate about hosted vs local VoIP services. Hour one guests are Sjur Usken, telecom consultant who has been working with VoIP since 2002 and helping companies migrate to an all IP world and Sandro Gauci, a security researcher and consultant based in, author of VoIP security tools SIPVicious, VOIPPACK and VOIPSCANNER.com. They'll be talking about a number of realistic VoIP attacks and what's being exploited by fraudsters for profit. Hour two we expect Mike Oeth, Junction Networks CEO to join our regulars to talk about hosted vs local VoIP. There's also miscellaneous buzz about Andro...

...( http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk ) which might allow you to ban endpoints based on volume of requests. If you'd like to see an example of the tools that you're up against, see this demo video (http://enablesecurity.com/products/enablesecurity-voippack-sipautohack-demo/ ) of an automated attack tool that does scan, guess, and crack methods via a click-and-drool interface. In summary: basic security measures will protect you against the vast majority of SIP-based brute-force attacks. Most of the SIP attackers are fools with tools - they a...