[130589] in North American Network Operators' Group
Re: Scam telemarketers spoofing our NOC phone number for callerid
daemon@ATHENA.MIT.EDU (J. Oquendo)
Wed Oct 6 12:50:15 2010
Date: Wed, 06 Oct 2010 12:50:01 -0400
From: "J. Oquendo" <sil@infiltrated.net>
To: William Herrin <bill@herrin.us>
In-Reply-To: <AANLkTikD7in6K21J8uOiTB8xdAD5=ZhCnRkFtz3Arq=1@mail.gmail.com>
Cc: "\(nanog@nanog.org\)" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
William Herrin wrote:
> On Wed, Oct 6, 2010 at 10:37 AM, Dan White <dwhite@olp.net> wrote:
>
>> If your PBX is SIP based, you might be victim of a SIP registration hijack,
>> which are on the rise, based on traffic we've been seeing in our network.
>>
>
> I had my unpublished asterisk box up for all of two days before
> getting half a megabit per second worth of false SIP registration
> attempts. Filled /var/log. I had to write a script to dynamically
> filter source IPs with too many failures.
>
> Regards,
> Bill Herrin
>
>
"A Simple Asterisk Based Toll Fraud Prevention Script"
http://www.infiltrated.net/asterisk-ips.html
Cheap marketing of a free RBL for VoIP: http://www.infiltrated.net/voipabuse
Anyhow, I spoke about this last week (toll fraud abuse via IP PBX
tricksters). Show # 275
http://www.talkshoe.com/talkshoe/web/talkCast.jsp?masterId=22622&cmd=tc
http://voipsa.org/blog/2010/09/29/voip-attackers-sometimes-they-come-back/
http://voipsa.org/blog/2010/09/28/voip-abuse-project/
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT
"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett
227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
