[AusNOG] VoIP Hack Attempts

Shaun Ewing s.ewing at aussiehq.com.au
Tue Sep 28 09:06:43 EST 2010


On 28/09/10 12:13 AM, "Skeeve Stevens" <Skeeve at eintellego.net> wrote:

>I¹ve got a few customers who have noticed a large recent jump in SIP
>scans against their networks.
> 
>Null routing helps the response but doesn¹t stop the registration
>initiation ­ loading up servers with registrations.

I've seen a lot of it recently as well. A few weeks ago I was seeing ~10k
registration attempts per second directed towards a single server which
had to be stopped using an ACL - like you said, null routing doesn't help.

I also know of two parties running CCME who have had their systems
'hijacked' in recent times all because the person who set it up didn't put
in the appropriate dial peer to block unauthenticated calls.

-Shaun




More information about the AusNOG mailing list