Live every Friday at 12 Noon Eastern time
VoIP Users Conference
ZipDX using g722 or g711 sip:200901@login.zipdx.com
ZipDX PSTN: +1 567 252 2286 iNum: +883 5100 123 94882
Stay in touch VUC Mailing List : VUC FaceBook Page : iTunes 
24/7 Leave a message or send an SMS : (518) VUC-VOIP (882-8647) : IRC #vuc
Posts Tagged attacks
SIP Hacks: who should filter what, where?
Posted by Zeeek/Randulo in VoIP
Podcast: Download
Audio : Download file (TS-359935.mp3)
Among others, Ward Mundy (Nerd Vittles, our guest next week) and many of the VUC regulars join in this violent argument civil discussion about who is responsible for filtering, where it should take place and the how and why of their ideas on the subject.
If you’re into SIP technology, you’ll want to hear this discussion about who should protect people from SIP “CallerID stuffing” among Ward Mundy, Fred Posner (VoIP Tech Chat), Tim Panton, Karl Fife, Leif Madsen and the rest of the great gang of VoIP regulars. This is why you need to join us LIVE every Friday!
Programmers differ enormously over who should filter incoming data and where. There is no right answer, although the main point is to protect your users against whatever possible attacks might come through your system or pbx.
Dan York’s 7 Deadliest UC Attacks
Posted by Zeeek/Randulo in Books, VoIP
Podcast: Download
Audio : Download file (TS-359281.mp3)
Dan York’s name is certainly familiar to you if you’re a fan of VoIP. He has made a video to explain why he wrote this book. Dan’s credentials are strong and he’s an active community member. You’ve seen him in airports between conferences, or even at one of those Voxeo events.
Dan’s blog (perhaps we should say one of his many blogs) is Disruptive Telephony. Dan can be found on Twitter as @DanYork and he’s on Linkedin, Facebook, etc. Finding those links is left as an exercise for the enthusiastic student. 
While I’m not sure what his current role there is, Dan is a part of another effort you should know about, the VoIP Security Alliance aka VOIPSA where he writes on the VOIPSA blog.
Amazon Indifference to EC2 Attacks Continues
Posted by Zeeek/Randulo in The Rest, VoIP
EC2 attacks continue with no help from them. Amazon continues its “head in the sand” approach to our community and this is unacceptable. Forgive the intrusion on this page, look below for the VUC sessions.
You can help push this to their attention:
Please make sure you keep this issue visible by voting it up on SlashDot. If you haven’t followed out discussions, see Fred’s story. Asterisk user mailing list has a lot of info on it as well. Post on Twitter, their robot stupidly repeats all comments that contain EC2 so don’t forget to use that mention in anything you post. Post on your blogs and any forums you can.
I expected better from Amazon and I’ll withdraw my significant business from them if they don’t rise up to the challenge.
Amazon EC2 Flood Attacks from the Cloud
Posted by Zeeek/Randulo in VoIP
Podcast: Download
Audio : Download file (EC2Attacks.mp3)
Part of this article is an edited summary of material from VoipTechChat.com
Complaints of rampant SIP Brute Force Attacks coming from servers with Amazon EC2 IP Addresses cause many admins to simply drop all such traffic. Generally, SIP brute force attacks attempt to register various peer names to a system and/or attempt to guess passwords of known/guesses peers or endpoints. The object is theft of resources.
The complaints mentioned this weekend show an excessive amount of traffic; with some providers claiming 6GB of traffic dedicated to such attacks. Since we ourselves received an attack from an Amazon hosted server, we also reported and complained to the Amazon NOC/Abuse depts.
There are various techniques to assist with minimizing DDoS and Brute Force attacks, such as limiting access via the public internet, using strong passwords, not mapping extension name to peer/endpoint name, limiting simultaneous calls, and aggressively monitoring usage. Automatic blocking of abusive IP’s (fail2ban, blockhosts, etc.) can also assist with minimizing damage.
References: EC2 Abuse Report Form
VUC official position: EC2 abuse costs victims time and money. Amazon is 100% accountable for what their customers do with their resources and must react swiftly to complaints.
VUC 60 second rant: This week saw a new feature rolled out, the Voipusers One Minute Issue Talk (VOMIT) where all listeners are encouraged to phone in their VoIP-related rants. Call and leave yours at (518) VUC VOIP or (518) 882-8647.
Follow @voipusers on Twitter.
VoIP and SIP Security, Latest Attacks
Posted by Zeeek/Randulo in VoIP
Podcast: Download
Audio : Download file (TS-317306.mp3)
Sjur Usken and Sandro Gauci have been working together doing research on VoIP security attacks. They recently presented some of their work at Hackcon, a security conference in Norway. In this discussion they’ll be talking about a number of realistic VoIP attacks and what’s being exploited by fraudsters for profit.
Sjur is a telecom consultant in Greenfield Consulting AS in Norway. He has been working with VoIP since 2002 and helping companies migrate to an all IP world.
Sandro is a security researcher and consultant based in the small island of Malta. He is the author of VoIP security tools SIPVicious, VOIPPACK and VOIPSCANNER.com. See http://enablesecurity.com/