Lots of SIP attacks lately (stuff which ... / 2010-04-19

2010-04-19 Lots of SIP attacks lately (stuff which ...
Lots of SIP attacks lately (stuff which goes on even when I'm more interested in IPv6). First near-standard SIP registration attacks from Amazon EC2, also seen by one of my asterisk installs:
[Apr 10 16:40:30] NOTICE[6890] chan_sip.c: Registration from '"02"<sip:02@xxx.xxx.xxx.xxx>' failed for '184.73.12.46' - No matching peer found
[Apr 10 16:40:30] NOTICE[6890] chan_sip.c: Registration from '"03"<sip:03@xxx.xxx.xxx.xxx>' failed for '184.73.12.46' - No matching peer found
My system wasn't the only one attacked, I saw reports everywhere, including: Amazon EC2 SIP Brute Force Attacks on Rise - VoIP Tech Chat , Amazon EC2 Flood Attacks from the Cloud - VoIP Users Conference, SIP Attacks From Amazon EC2 Going Unaddressed - SlashDot IT and SIP Brute Force Attack Originating From Amazon EC2 Hosts - Stuart Sheldon.
I changed /etc/asterisk/sip.conf to include alwaysauthreject = yes which makes SIP account enumeration impossible: the attacker can't see the difference between 'account does not exist' or 'password not valid'. This violates the SIP rfc but makes attacks a lot harder.
A lot of the articles above give one answer: Amazon EC2 network abuse does not care. Which immediately degrades the 'standing' of their network. You don't care about attacks originating from your network means lots of people won't care about anything originating from your network.

Tags: , , ,

IPv6 check

Running test...
, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers

RSS
Meningen zijn die van mezelf, wat ik schrijf is beschermd door auteursrecht. Sommige publicaties bevatten een expliciete vermelding dat ze ongevraagd gedeeld mogen worden.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: newsitem.cgi,v 1.55 2021/11/09 13:09:49 koos Exp $ in 0.005328 seconds.