Stay in touch VUC Mailing List : VUC FaceBook Page : iTunes
24/7 Leave a message or send an SMS : (518) VUC-VOIP (882-8647) : IRC #vuc

VUC Info: Next session - Future Topics - HOW TO Connect

Posts Tagged attack

SIP Hacks: who should filter what, where?

Posted by Zeeek/Randulo in VoIP

Podcast: Download

Audio : Download file (TS-359935.mp3)

Among others, Ward Mundy (Nerd Vittles, our guest next week) and many of the VUC regulars join in this violent argument civil discussion about who is responsible for filtering, where it should take place and the how and why of their ideas on the subject.

If you’re into SIP technology, you’ll want to hear this discussion about who should protect people from SIP “CallerID stuffing” among Ward Mundy, Fred Posner (VoIP Tech Chat), Tim Panton, Karl Fife, Leif Madsen and the rest of the great gang of VoIP regulars. This is why you need to join us LIVE every Friday!

Programmers differ enormously over who should filter incoming data and where. There is no right answer, although the main point is to protect your users against whatever possible attacks might come through your system or pbx.

, , , , , , , , , , , , , , , , , , , , ,

3 Comments

Amazon EC2 Flood Attacks from the Cloud

Posted by Zeeek/Randulo in VoIP

Podcast: Download

Audio : Download file (EC2Attacks.mp3)


Part of this article is an edited summary of material from VoipTechChat.com

Complaints of rampant SIP Brute Force Attacks coming from servers with Amazon EC2 IP Addresses cause many admins to simply drop all such traffic. Generally, SIP brute force attacks attempt to register various peer names to a system and/or attempt to guess passwords of known/guesses peers or endpoints. The object is theft of resources.

The complaints mentioned this weekend show an excessive amount of traffic; with some providers claiming 6GB of traffic dedicated to such attacks. Since we ourselves received an attack from an Amazon hosted server, we also reported and complained to the Amazon NOC/Abuse depts.

There are various techniques to assist with minimizing DDoS and Brute Force attacks, such as limiting access via the public internet, using strong passwords, not mapping extension name to peer/endpoint name, limiting simultaneous calls, and aggressively monitoring usage. Automatic blocking of abusive IP’s (fail2ban, blockhosts, etc.) can also assist with minimizing damage.

References: EC2 Abuse Report Form

VOIPSA

VUC official position: EC2 abuse costs victims time and money. Amazon is 100% accountable for what their customers do with their resources and must react swiftly to complaints.

VUC 60 second rant: This week saw a new feature rolled out, the Voipusers One Minute Issue Talk (VOMIT) where all listeners are encouraged to phone in their VoIP-related rants. Call and leave yours at (518) VUC VOIP or (518) 882-8647.

Follow  @voipusers on Twitter.

, , , , , , , , , , , , , , , , , , , , , , , , , , ,

3 Comments

VoIP and SIP Security, Latest Attacks

Posted by Zeeek/Randulo in VoIP

Podcast: Download

Audio : Download file (TS-317306.mp3)

Sjur Usken and Sandro Gauci have been working together doing research on VoIP security attacks. They recently presented some of their work at Hackcon, a security conference in Norway. In this discussion they’ll be talking about a number of realistic VoIP attacks and what’s being exploited by fraudsters for profit.

Sjur is a telecom consultant in Greenfield Consulting AS in Norway. He has been working with VoIP since 2002 and helping companies migrate to an all IP world.

Sandro is a security researcher and consultant based in the small island of Malta. He is the author of VoIP security tools SIPVicious, VOIPPACK and VOIPSCANNER.com. See http://enablesecurity.com/

, , , , , , , , , , , , , , , , , , , , ,

No Comments