[nsp-sec] Wireless SMS Vishing attack - got sip.conf - now Vonage contact needed

Chris Morrow morrowc at ops-netman.net
Mon Mar 17 15:17:42 EDT 2008



On Mon, 17 Mar 2008, Lawrence Baldwin wrote:

> ----------- nsp-security Confidential --------
>
> OK...well, this is pretty awesome...with the help of Godaddy which led me
> back to 1&1 (where these miscreants started) I was actually able to get a
> copy of the Asterisk VOIP configs.
>
>
> The SIP trunk they were using was tied to a Vonage account:
>
> register=18602729183:O9ZjZfb6MC at sphone1.voncp.com:5061/18602729183
>
>
> Note: 8602729183 was one of the Vish #'s they were spamming.
>
> Anyone have some security contacts at Vonage?

If you don't have a security POC, I can probably get the CTO to help...
Let me know.

>
> I got this far, might as well keep going.
>
> Regards,
>
> Lawrence.
>
>
> [root at storage02 asteriskinstallin]
> # more sip.conf
> [general]
> port = 5060 ; Port to bind to (SIP is 5060)
> bindaddr = 82.165.178.6; Address to bind to (all addresses on machine)
> context=incoming
> disallow=all
> allow=ulaw
> ;allow=alaw
> ;allow=g729
> ;allow=g723
> externip=82.165.178.6
> nat=yes
> register=18602729183:O9ZjZfb6MC at sphone1.voncp.com:5061/18602729183
>
> [sipgate]
> type=peer
> username=18602729183;
> host=sphone1.voncp.com
> fromuser=18602729183;
> fromdomain=sphone1.voncp.com
> nat=no
> canreinvite=no
> context=sipgate
>
> [18602729183]
> username=18602729183
> type=friend
> secret=O9ZjZfb6MC
> port=5061
> nat=yes
> insecure=very
> host=sphone1.voncp.com
> fromuser=18602729183
> fromdomain=sphone1.voncp.com
> dtmfmode=rfc2833
> canreinvite=no
> defaultexpirey=20
> auth=18602729183:O9ZjZfb6MC at sphone1.voncp.com
> ;allow=g729
> allow=ulaw
> ;allow=alaw
> context=sipgate
>
>
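
As an added example (not code from this thread or from Asterisk), here is one way to script the triage step described above: pull the upstream provider account out of a recovered sip.conf `register` line, redact the secret, and match the trunk number against reported callback numbers. The sample config, every value in it and all function names are constructed placeholders.

```python
import re

# Constructed sample in the layout of the quoted sip.conf; every value is a placeholder.
SAMPLE_CONF = """\
[general]
port = 5060 ; Port to bind to
register=15555550100:EXAMPLESECRET at sip.example.net:5061/15555550100

[trunk]
type=friend
username=15555550100
secret=EXAMPLESECRET
host=sip.example.net
"""

# user:secret@host[:port][/extension]; " at " is the list archive's rewrite of "@".
REGISTER_RE = re.compile(
    r"^(?P<user>[^:@\s]+):(?P<secret>[^@\s]+?)(?:@|\s+at\s+)"
    r"(?P<host>[^:/\s]+)(?::(?P<port>\d+))?(?:/(?P<ext>\S+))?$"
)

def strip_comment(line):
    """Drop ';' comments and surrounding whitespace."""
    return line.split(";", 1)[0].strip()

def parse_registrations(conf_text):
    """Return one dict per register line, with the secret redacted."""
    found = []
    for raw in conf_text.splitlines():
        key, sep, value = strip_comment(raw).partition("=")
        if not sep or key.strip().lower() != "register":
            continue
        # lstrip(">") also accepts the "register => ..." spelling.
        m = REGISTER_RE.match(value.lstrip(">").strip())
        if m:
            rec = m.groupdict()
            rec["secret"] = "<redacted>"  # never carry the credential into a report
            found.append(rec)
    return found

def nanp_key(number):
    """Reduce a number to 10 NANP digits so 1NXXNXXXXXX and NXXNXXXXXX compare equal."""
    digits = re.sub(r"\D", "", number)
    return digits[1:] if len(digits) == 11 and digits.startswith("1") else digits

def match_reported(registrations, reported_numbers):
    """Return the registrations whose trunk user matches a reported callback number."""
    reported = {nanp_key(n) for n in reported_numbers}
    return [r for r in registrations if nanp_key(r["user"]) in reported]
```

The `host` and `port` fields of a match identify the provider to contact; the redacted record can be shared without exposing the account secret.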


