Solved

Mysterious SIP Brute force

Posted on 2014-02-18
Last Modified: 2014-02-19
Strangely, I keep getting SIP 5060 mysterious phone calls, with 'Unrecognized RTP', from Santa Monica and New York. What would the purpose of those be?
They must be randomly trying IPs on port 5060, but why?
Question by:Silas2

Expert Comment

by:agonza07
ID: 39868157
Lots of hackers out there in the world, and a bunch of programs just scanning the internet.

I had a brand new phone installation a while back, and before I could bring up the firewall, I already had someone hacking my phone system making calls to Jamaica...

Author Comment

by:Silas2
ID: 39868366
Yes, but how could they hack through a SIP phone? I'm just curious. They phone into it; are they then trying to piggy-back off my registration? They would have to find some way of taking control of the phone, wouldn't they?
A rogue incoming call can't do anything, can it?
Is there some buffer overflow attack on SIP phones?

Accepted Solution

by:agonza07 (earned 125 total points)
ID: 39868634
Check this out.

http://blog.sipvicious.org/

In this case, however, things are a bit different. While launching an INVITE scan on a vulnerable PBX system can be useful for the hacker, doing the same thing on an IP Phone (or VoIP Phone) just makes it ring. While some phones will only ring when the correct number is called, others ring when any number (or rather, any SIP address) is specified in the INVITE message. So the attackers/hackers/cyber-criminals ended up getting phones to ring. I think this is a mistake that they were making, possibly because they are not differentiating between a phone and a PBX system.
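Added example, not part of the original thread or of the quoted blog: a Python sketch of the two checks that stop a stray INVITE from ringing a phone (accept SIP only from the registered proxy, ring only for the phone's own user), plus a per-source count that flags scan behaviour. The proxy address, extension, threshold and sample packets are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed deployment values (hypothetical): the provider's proxy and this phone's own SIP user.
TRUSTED_PROXIES = {"198.51.100.10"}
OWN_USER = "2001"

REQUEST_LINE = re.compile(r"^INVITE\s+sips?:(?:([^@;\s]+)@)?([^;:\s>]+)", re.I)

def parse_invite(raw):
    """Return (user, host) from the Request-URI of an INVITE, or None for other messages."""
    first_line = raw.split("\r\n", 1)[0]
    m = REQUEST_LINE.match(first_line)
    return (m.group(1), m.group(2)) if m else None

def classify(src_ip, raw):
    """Decide what a phone-side or firewall-side filter should do with one packet."""
    target = parse_invite(raw)
    if target is None:
        return "ignore"             # not an INVITE
    if src_ip not in TRUSTED_PROXIES:
        return "drop-untrusted"     # assumption: real calls only arrive via the proxy
    if target[0] != OWN_USER:
        return "reject-wrong-user"  # do not ring for arbitrary SIP addresses
    return "ring"

def scan_sources(packets, threshold=3):
    """Sources that sent INVITEs for at least `threshold` distinct users."""
    seen = defaultdict(set)
    for src_ip, raw in packets:
        target = parse_invite(raw)
        if target:
            seen[src_ip].add(target[0])
    return sorted(ip for ip, users in seen.items() if len(users) >= threshold)

def invite(user, host):
    # Constructed sample message, trimmed to the headers this example reads.
    return (f"INVITE sip:{user}@{host} SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 192.0.2.1:5060\r\nTo: <sip:{user}@{host}>\r\n\r\n")

# Constructed traffic: one source walking through extensions, then the trusted proxy.
PACKETS = ([("203.0.113.7", invite(u, "192.0.2.50")) for u in ("100", "101", "1000", "2001")]
           + [("198.51.100.10", invite("2001", "192.0.2.50")),
              ("198.51.100.10", invite("9999", "192.0.2.50")),
              ("203.0.113.7", "OPTIONS sip:192.0.2.50 SIP/2.0\r\n\r\n")])

if __name__ == "__main__":
    for ip, raw in PACKETS:
        print(ip, classify(ip, raw))
    print("scan sources:", scan_sources(PACKETS))
```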
 

Author Comment

by:Silas2
ID: 39870317
Yes, thanks, that's probably it.