[nsp-sec] Wireless SMS Vishing attack - got sip.conf - now Vonage contact needed
Lawrence Baldwin
baldwinl at mynetwatchman.com
Mon Mar 17 14:30:05 EDT 2008
OK...we'll this is pretty awesome...with the help of Godaddy which lead me
back to 1&1 (where these miscreants started) I was actually able to get a
copy of the Asterisk VOIP configs.
The SIP trunk they were using were tied to a Vonage account:
register=18602729183:O9ZjZfb6MC at sphone1.voncp.com:5061/18602729183
Note: 8602729183 was one of the Vish #'s they were spamming.
Anyone have some security contacts at Vonage?
I got this far, might as well keep going.
Regards,
Lawrence.
[root at storage02 asteriskinstallin]
# more sip.conf
[general]
port = 5060 ; Port to bind to (SIP is 5060)
bindaddr = 82.165.178.6; Address to bind to (all addresses on machine)
context=incoming
disallow=all
allow=ulaw
;allow=alaw
;allow=g729
;allow=g723
externip=82.165.178.6
nat=yes
register=18602729183:O9ZjZfb6MC at sphone1.voncp.com:5061/18602729183
[sipgate]
type=peer
username=18602729183;
host=sphone1.voncp.com
fromuser=18602729183;
fromdomain=sphone1.voncp.com
nat=no
canreinvite=no
context=sipgate
[18602729183]
username=18602729183
type=friend
secret=O9ZjZfb6MC
port=5061
nat=yes
insecure=very
host=sphone1.voncp.com
fromuser=18602729183
fromdomain=sphone1.voncp.com
dtmfmode=rfc2833
canreinvite=no
defaultexpirey=20
auth=18602729183:O9ZjZfb6MC at sphone1.voncp.com
;allow=g729
allow=ulaw
;allow=alaw
context=sipgate
More information about the nsp-security
mailing list