SIP Brute Force Attacks Escalate Over Halloween Weekend.

Monday, 1. November 2010

SIP brute force attacks escalate over Halloween weekend.

Looks like the bad guys were up to no good again this weekend. SIP based PBX operators reported a huge increase in bogus registration attempts against their systems over the Halloween weekend. Our hosted PBX farm experienced this increase first hand. Logs showed an attack from a new and unique IP address about every minute. At the end of the weekend, over 1300 unique IP addresses were logged.

Read more »

Share

Amazon Brute Force SIP Attacks – Dave Michels Interviews Me

Monday, 19. April 2010

Amazon Brute Force SIP Attacks – Dave Michels Interviews Me.

Shortly After my “SIP Brute Force Attack Originating From Amazon EC2 Hosts” post, Dave Michels interviewed me for an article Dark Side of the Cloud. This is that interview:

Dave:   What do you believe the intent was of the attacks? Free long distance?

Stu: Certainly free long distance would be one reason… But there are many other reasons to hijack a SIP account. I’m sure that organized crime would pay for a block of active SIP logins. They could use them to circumvent surveillance, or possibly use them for fraudulent boiler room calls about extended warranties and such.

Remember, most folks still believe that the Telephone System is secure… They tend to believe someone who is calling them.

Read more »

Share

SIP Brute Force Attack Originating From Amazon EC2 Hosts

Sunday, 11. April 2010

SIP Brute Force Attack Originating From Amazon EC2 Hosts.

I woke up Saturday morning to find strangely high network activity on some of our inbound connections. After a quick review, it turned out that most of the traffic was going into several of our hosted PBX systems. After a little more digging, I discovered that several systems on the Amazon EC2 network were preforming brute force attacks, against our VoIP servers. They were attempting to guess user names and passwords for our SIP clients. I immediately blocked all traffic from the attacking IPs and examined the logs. Thankfully, I found that non of the attacks had succeeded in guessing passwords.

Read more »

Share

Twitter Down. Reports Under DoS Attack.

Thursday, 6. August 2009

What exactly is a DoS Attack?

In simple terms, a DoS or Denial of Service attack is when a system or group of systems, create traffic to a web site or network service, that causes an overload of the equipment and forces the web site or network service to drop or ignore real requests.

What we know at this time.

At the time or my writing, Twitter had gotten some control over this problem, and can now display web pages again, but are not accepting posts.

Facebook appears to have slowed down as well, but this is being attributed to the increased traffic to Facebook due to the Twitter problem.

— Stu

Share