News items for tag voip - Koos van den Hout

There is demand for VoIP over IPv6 so the excuse "there is no demand" or "you're the first one to ask" is no longer true: VoIP6 provider wanted in the Netherlands. Get in touch with them when you are serious.

Fun with someone trying to route sip calls through an asterisk server during my vacation: she or he tried 86 times to reach the same London number, 36 times matched patterns which triggered my scripts to play random your call could not be completed messages, which probably explains why the person kept trying. Maybe I can add some of the new patterns.

Post-mortem overview of a broken-into asterisk install: Asterisk hack post-mortem - Tom Keating tncnet. Nice article, showing how researching a system after a break-in can go from one strange thing to another. Using asterisk .call files to make calls is an interesting new approach to me.

Interesting patterns in trying to reach mobile numbers in the Middle-East. Patterns I have seen several times before on an asterisk server. Keep it safe, especially on asterisk where this can cost real money.

Found via @teamcymru on twitter.

Good overview of VoIP, tools for scanning and possible attacks: VoIP Penetration Testing & Security Risk - Infosec resources.

More attempts to reach Palistinian telephone numbers (+972) via my SIP server, exactly like the attempts last July to reach Palestina mobile numbers. But the upstream audio is the same professional-sounding voice as I heard last December trying to reach a US number. An interesting combination of factors.

So I'm asking the lazywebs: does someone recognize this voice?

Another weird thing recorded on the SIP honeypot: Something which to me sounds like a recording of a voice artist (or 'golden voice'). It was an attempt to use the server from a Palestinian IP to reach +1-404-260-5390, a US phone number for a conferencing system. The recording is attached: note that the audio is very choppy, probably due to packet-loss between the originator in Palestina and my server.

Like in July, attempts to reach Jawwal telecom mobile numbers in Palestina via an asterisk server. But this time with incoming audio, I hear kids in the background and some talking. Very garbled: lots of packet loss on the line and the audio clips. So somebody got a bit of a disappointment when this route for free calls wasn't working out.

An article which reads like the reporter got introduced to low-security VoIP trunks and caller-id spoofing services for the first time: Authorities say 911 call in Wyckoff hoax came from fake, computer-generated phone number - NorthJersey.com.

The 911 caller whose hoax prompted a tense police standoff in a quiet Wyckoff neighborhood used a computer to mask the origin of the call, authorities said Sunday.

A computer crime expert is quoted:

[..] the 911 call likely originated from a so-called IP phone that makes calls over the Internet. Such phones are increasingly common and allow users to choose the phone number that would appear on caller identification devices [..]

They hope to trace the user back to the original IP of the SIP call. I wish them lots of luck finding the IP in the first place: I don't think a lot of the 'wholesale SIP trunking' or 'Caller-ID spoofing services' will log them. They might have more chance of finding the account and the billing information.

Found via Attack on 'Cyberbullying' critic prompts raid by armed cops - The Register.

Most of the attempts at toll fraud through an asterisk server set to catch and record these are lately for a number matching +97259xxxxxxx which according to Telephone numbers in Israel - Wikipedia is a 'Jawwal' mobile number in Palestina. Interesting... not a really expensive call to make but I can imagine a certain interest in hard-to-trace calls to that part of the world, especially since these seem to be routed via Israel. According to the explanation on Telephone numbers in the Palestinian territories - Wikipedia +970 is also the country code for Palestina but it depends on which country you are calling from whether +970, +972 or both work. Politics in phone numbers. The +970 route was never tried via my asterisk.

First good catch after updating the scripts for capturing the audio on attempts at toll fraud through an asterisk server, some calls with incoming audio logged to disk, and some with absolute silence. The calls with audio have serious noise in the background, my best guess is airco noise. But some typing can be heard, some other sounds and one even with a word at the end. I added some audio from that last one.

Boiler-room type telecoms fraud operation? You decide!

What this does mean to me is that someone is actually doing real work to find opportunities for routing calls without paying. This is not an automated script, this is an actual person doing the work.