Solved

Mysterious SIP Brute force

Posted on 2014-02-18
4
388 Views
Last Modified: 2014-02-19
Strangely I keep getting SIP 5060 mysterious phone calls, with 'Unrecognized RTP' from Santa Monica and New York, what would the purpose of those be?
They must be randomly trying IP's on port 5060, but why?
0
Comment
Question by:Silas2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 20

Expert Comment

by:agonza07
ID: 39868157
Lots of hackers out there in the world, and bunch of programs just scanning the internet.

I had a brand new phone installation a while back, and before I could bring up the firewall, I already had someone hacking my phone system making calls to Jamaica...
0
 

Author Comment

by:Silas2
ID: 39868366
Yes, but how could they hack thru a sip phone? I'm just curious. They phone into it, are they then trying to piggy-back off my registration? They would have to find some way of taking control of the phone wouldn't they?
A rogue incoming call can't do anything can it?
Is there some buffer overflow attack on SIP phones?
0
 
LVL 20

Accepted Solution

by:
agonza07 earned 125 total points
ID: 39868634
Check this out.

http://blog.sipvicious.org/

In this case, however, things are a bit different. While launching an INVITE scan on a vulnerable PBX system can be useful for the hacker, doing the same thing on an IP Phone (or VoIP Phone) just makes it ring. While some phones will only ring when the correct number is called, others ring when any number (or rather, any SIP address) is specified in the INVITE message. So the attackers/hackers/cyber-criminals ended up getting phones to ring. I think this is a mistake that they were making, possibly because they are not differentiating between a phone and a PBX system
0
 

Author Comment

by:Silas2
ID: 39870317
Yes, thanks,  that's probably it.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Although VoiceOver IP has been around for a while, internet connections have only recently become fast enough to provide good call quality. Now, VoIP has become a real option for businesses looking at ways to improve their business model. In this ar…
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question