[VoiceOps] Strange attacks over the weekend

Alex Balashov abalashov at evaristesys.com
Mon Nov 1 16:28:03 EDT 2010

One of our large local customers here in Atlanta was hit with a 
brute-force and extremely intensive REGISTER scan late this 
morning/early this afternoon from 5 IPs -- 2 in Indonesia, 1 in 
Argentina, 1 in Russia, and one other from the Philippines that I don't 
have on hand:

... that we could identify.  We don't know if they were part of a 
coordinated scan or just launched in parallel, but they were fairly 
sophisticated in that they detected the nomenclature and length 
assignment patterns in extensions (403 Forbidden vs. 401 Unauthorized, I 
suppose) and zeroed in on those.

No toll fraud took place, but they did take down several Asterisk 
processes due to Asterisk's inability to cope with this volume of 
requests.  I would have put the intensity at about ~5-10 per second.

Alex Balashov - Principal
Evariste Systems LLC
1170 Peachtree Street
12th Floor, Suite 1200
Atlanta, GA 30309
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/

More information about the VoiceOps mailing list