Hi,
I had my phone ringing today, with the caller ID SIP VICIOUS
I had a look on google and this is pretty much scary !!
a Sip Hacker ???
Is there a way to fight this Spam …hacker… ?
Thanks
Hi,
I had my phone ringing today, with the caller ID SIP VICIOUS
I had a look on google and this is pretty much scary !!
a Sip Hacker ???
Is there a way to fight this Spam …hacker… ?
Thanks
iptables or hardware firewall
make sure that you use acls etc.
basicly the usual security rules apply
Ian
hi,
But what can we do ?
I had a look on you tube, apparently. the system can hack password !!!
The * server is behind a NAT at the moment, with firewall on the router…
Honestly, I don’t know what the iptables can give me more… !!!
If sip vicious can detect passowrd… sounds to be hard to protect, unless we can have phones with SSL ( and I don’t )
Is there anybody with more info on how sip vicious operate ?
Ta.
Hi
blogs.digium.com/2009/03/28/sip-security/
AFAIK sip vicious can guess your password I dont think it knows it,
Ian
Welll…
If you just have SIP providers you are connecting to isolate the SIP traffic on your firewall to a few IP address blocks.
As for phones on the outside that need to connect through the firewall, presumably because NAT support for SIP/* sucks beyond all reason, isolate all of the SIP traffic to be the current IP addresses of your remote SIP phones.
Or you could use a VPN… that seems to be how a lot of people do it.
You could get the current IP addresses of the phones by making a very simple secured website and have your users just log into it. The remote IP address is easily accessible in this fashion. Update your iptables with the new information and remove stale records after 48 hours. Most mobile users will only be inconvenienced in a minor fashion for the first few minutes setting up, it gives the suits the impression your on top of the security considerations, and makes your life a heck of a lot easier.
Once you effectively have a white list of IP addresses capable of even reaching the * server it makes compromising your setup many, many, orders more difficult for the would be hacker.
I mean seriously… do you expect IP addresses from other countries being authorized by your secured website? Probably not. Which is the only way some low-life is going to begin his journey hacking your * from someplace like France, Romania, or China. Of course he would have to know that is the function of the website in the first place.
Other than that…
It takes a little bit of work but you can lock down your * server TIGHT and you don’t have to worry as much about those programs like SIP Vicious sniffing around. If they never get a response from your * server in the first place they are going to move on.
P.S - All of this does not mean jack diddly poop if you have SSH open to your * from the outside with a weak password.