Podcast: Defending Against SIP Hackers

MikeSmithsBrain

Cloud Therapy with AeroComInc.com E010: SIP Security Tips with Bill Bollinger

VoIP pioneer and co-founder of Appia, Bill Bollinger sees thousands of hack attempts every day. In this episode, he tells Mike his tips on how your company can avoid having their SIP service hacked. He also tells a story of a company that could've done something very simple to avoid getting hacked and paying $10k in fraudulent calls.

JaredBusch

Saw this the other day when looking at the logs for a hosted Asterisk solution I have.

[Jun 27 04:04:59] NOTICE[2773] chan_sip.c: Registration from '1010 <sip:[email protected]:5060>' failed for '81.30.158.12:5085' - Wrong password
[Jun 27 04:05:01] NOTICE[2773] chan_sip.c: Registration from '111 <sip:[email protected]:5060>' failed for '81.30.158.12:52293' - Wrong password
[Jun 27 04:14:59] NOTICE[2773] chan_sip.c: Registration from '1010 <sip:[email protected]:5060>' failed for '81.30.158.12:46824' - Wrong password
[Jun 27 04:15:11] NOTICE[2773] chan_sip.c: Registration from '111 <sip:[email protected]:5060>' failed for '81.30.158.12:5064' - Wrong password
[Jun 27 04:25:03] NOTICE[2773] chan_sip.c: Registration from '1010 <sip:[email protected]:5060>' failed for '81.30.158.12:5098' - Wrong password
[Jun 27 04:25:27] NOTICE[2773] chan_sip.c: Registration from '111 <sip:[email protected]:5060>' failed for '81.30.158.12:34926' - Wrong password
[Jun 27 04:35:08] NOTICE[2773] chan_sip.c: Registration from '1010 <sip:[email protected]:5060>' failed for '81.30.158.12:38950' - Wrong password
[Jun 27 04:35:35] NOTICE[2773] chan_sip.c: Registration from '111 <sip:[email protected]:5060>' failed for '81.30.158.12:5098' - Wrong password
[Jun 27 04:45:06] NOTICE[2773] chan_sip.c: Registration from '1010 <sip:[email protected]:5060>' failed for '81.30.158.12:5095' - Wrong password
[Jun 27 04:45:41] NOTICE[2773] chan_sip.c: Registration from '111 <sip:[email protected]:5060>' failed for '81.30.158.12:36400' - Wrong password
[Jun 27 04:55:00] NOTICE[2773] chan_sip.c: Registration from '1010 <sip:[email protected]:5060>' failed for '81.30.158.12:53867' - Wrong password
[Jun 27 04:55:51] NOTICE[2773] chan_sip.c: Registration from '111 <sip:[email protected]:5060>' failed for '81.30.158.12:42956' - Wrong password
[Jun 27 05:05:11] NOTICE[2773] chan_sip.c: Registration from '1010 <sip:[email protected]:5060>' failed for '81.30.158.12:36470' - Wrong password

RamblingBiped

Wow, this is kind of right along the lines of what I've been researching on remote extensions...

scottalanmiller

@RamblingBiped said in Podcast: Defending Against SIP Hackers:

Wow, this is kind of right along the lines of what I've been researching on remote extensions...

One of the things that we routinely do is to block all non-free calling so even if our extension, PBX or platform were to be hacked, even if they gained access to our SIP trunk, they can't rack up long distance calls or whatever.