Thursday, October 29, 2009

VoIP Security, Asterisk, SIP, Brute Force Attacks, Explained By John Todd Of Digium.

VoIP Security
My thoughts when I read the article saying  “Asterisk attacks are endemic” were ????*&^ and I also knew that John Todd knew what he is doing. So I let the article pass as I was certain it was not the case.
Today Todd has posted an article explaining the misinterpretation of his thoughts and the verbalization of the same.

My comment in the article was not that “Asterisk attacks are endemic”, but that SIP-based brute force attacks are endemic.  Every SIP system that is open to the “public” Internet is seeing large numbers of brute-force attacks.  Sites that have weak username and weak password control will be compromised – this is little different than email accounts being taken over by password-guessing systems and used for sending floods of email.  The significant difference is that when someone takes over a SIP platform to make outbound calls, there is usually a direct monetary cost, which gets people’s attention very quickly.
We all know that Asterisk is used world over and is the favorite SIP based telephony platform is likely to attract people who are interested in hacking or attacking the system. But we also have seen security measures taken by Asterisk as well. Just like the one released day before yesterday, AST-2009-07, where the advisory and the fix was released simultaneously.
But what Todd wrote makes sense and as Asterisk, Broadsoft, Cisco, Kamailio, OpenSER, FreeSwitch, Avaya are all vulnerable to brute force attacks and every bit of  information will help. Whether it is news worthy or not.
Asterisk and SIP Security Redux


Blog Widget by LinkWithin