[OT] To people with VoIP SIP Clients (twinkle, etc), friendly-scanner DOS attack
Wolfgang S. Rupprecht
wolfgang.rupprecht at gmail.com
Thu Oct 14 20:23:54 UTC 2010
Rick Sewill <rsewill at gmail.com> writes:
> This past weekend, I suffered a DOS attack launched against VOIP SIP
> Clients. The attack came, at different times, from 3 separate IP addresses.
I'm seeing a vast increase in attemted SIP registers too. Asterisk (f13
more or less stock via yum) seems to handle the onslaught well enough,
other than filling up the logs with pages and pages of failed requests.
Anyone that isn't using computer generated, large passwords for their
SIP registrations is probably exeriencing the joys of someone running up
their phone bills with their VOIP/POTS gateway service.
I'll probably start blocking all incomming SIP (both UDP and TCP) except
from known peers and clients. Luckily I don't have any dynamic SIP
clients that roam the net at large.
-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/ (IPv6-only)
More information about the users
mailing list