Solved

Mysterious SIP Brute force

Posted on 2014-02-18
4
383 Views
Last Modified: 2014-02-19
Strangely I keep getting SIP 5060 mysterious phone calls, with 'Unrecognized RTP' from Santa Monica and New York, what would the purpose of those be?
They must be randomly trying IP's on port 5060, but why?
0
Comment
Question by:Silas2
  • 2
  • 2
4 Comments
 
LVL 20

Expert Comment

by:agonza07
ID: 39868157
Lots of hackers out there in the world, and bunch of programs just scanning the internet.

I had a brand new phone installation a while back, and before I could bring up the firewall, I already had someone hacking my phone system making calls to Jamaica...
0
 

Author Comment

by:Silas2
ID: 39868366
Yes, but how could they hack thru a sip phone? I'm just curious. They phone into it, are they then trying to piggy-back off my registration? They would have to find some way of taking control of the phone wouldn't they?
A rogue incoming call can't do anything can it?
Is there some buffer overflow attack on SIP phones?
0
 
LVL 20

Accepted Solution

by:
agonza07 earned 125 total points
ID: 39868634
Check this out.

http://blog.sipvicious.org/

In this case, however, things are a bit different. While launching an INVITE scan on a vulnerable PBX system can be useful for the hacker, doing the same thing on an IP Phone (or VoIP Phone) just makes it ring. While some phones will only ring when the correct number is called, others ring when any number (or rather, any SIP address) is specified in the INVITE message. So the attackers/hackers/cyber-criminals ended up getting phones to ring. I think this is a mistake that they were making, possibly because they are not differentiating between a phone and a PBX system
0
 

Author Comment

by:Silas2
ID: 39870317
Yes, thanks,  that's probably it.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In my office we had 10 Cisco 7940G IP phones that were useless as they were showing PROTOCOL APPLICATION INVALID when started. I searched through Google and worked for a week continuously on those phones, and finally got them working. This is a di…
I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…

937 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now