Scam telemarketers spoofing our NOC phone number for callerid

J. Oquendo sil at infiltrated.net
Wed Oct 6 16:50:01 UTC 2010


William Herrin wrote:
> On Wed, Oct 6, 2010 at 10:37 AM, Dan White <dwhite at olp.net> wrote:
>   
>> If your PBX is SIP based, you might be victim of a SIP registration hijack,
>> which are on the rise, based on traffic we've been seeing in our network.
>>     
>
> I had my unpublished asterisk box up for all of two days before
> getting half a megabit per second worth of false SIP registration
> attempts. Filled /var/log. I had to write a script to dynamically
> filter source IPs with too many failures.
>
> Regards,
> Bill Herrin
>
>   

"A Simple Asterisk Based Toll Fraud Prevention Script"
http://www.infiltrated.net/asterisk-ips.html

Cheap marketing of a free RBL for VoIP: http://www.infiltrated.net/voipabuse

Anyhow, I spoke about this last week (toll fraud abuse via IP PBX
tricksters). Show # 275
http://www.talkshoe.com/talkshoe/web/talkCast.jsp?masterId=22622&cmd=tc

http://voipsa.org/blog/2010/09/29/voip-attackers-sometimes-they-come-back/
http://voipsa.org/blog/2010/09/28/voip-abuse-project/


-- 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT

"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E





More information about the NANOG mailing list