[VoiceOps] Strange attacks over the weekend
Carlos Alvarez
carlos at televolve.com
Mon Nov 1 17:13:17 EDT 2010
Alex Balashov wrote:
> ... that we could identify. We don't know if they were part of a
> coordinated scan or just launched in parallel, but they were fairly
> sophisticated in that they detected the nomenclature and length
> assignment patterns in extensions (403 Forbidden vs. 401 Unauthorized,
> I suppose) and zeroed in on those.
What is your methodology for naming SIP accounts? We've discovered that
using something that is alpha followed by punctuation followed by a
number results in zero successful name matches so far. I'm wondering
what convention you use so I can think about whether we'd be vulnerable
to the same discovery. When we put up simple numbers as a registration,
we quickly get lots of attempts to brute force the password, often more
than 5-10/second.
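
An added example, not part of the original message or of either poster's tooling: a small detector for the two behaviours discussed in this thread, a source probing many account names and a source hammering one name at five or more attempts per second. The log format, thresholds, function names and sample events are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events (not from the thread). Assumed line format:
# "<epoch second> <source IP> <attempted SIP username> <response code>"
SAMPLE_LOG = """\
1288631000 198.51.100.7 100 403
1288631000 198.51.100.7 101 403
1288631001 198.51.100.7 102 401
1288631001 198.51.100.7 103 403
1288631010 203.0.113.9 102 401
1288631010 203.0.113.9 102 401
1288631010 203.0.113.9 102 401
1288631010 203.0.113.9 102 401
1288631010 203.0.113.9 102 401
1288631020 192.0.2.44 sales-17 401
"""

LINE = re.compile(r"^(\d+) (\S+) (\S+) (401|403)$")

def parse(log):
    """Return (second, ip, user, code) tuples; non-matching lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            events.append((int(m.group(1)), m.group(2), m.group(3), int(m.group(4))))
    return events

def detect(events, max_users=3, max_per_second=5):
    """Map source IP -> sorted list of findings (thresholds are assumptions)."""
    users = defaultdict(set)    # ip -> distinct usernames tried
    codes = defaultdict(set)    # ip -> distinct response codes it received
    bursts = defaultdict(int)   # (ip, user, second) -> failed attempts
    for second, ip, user, code in events:
        users[ip].add(user)
        codes[ip].add(code)
        bursts[(ip, user, second)] += 1
    findings = defaultdict(set)
    for ip, tried in users.items():
        if len(tried) > max_users:
            findings[ip].add("enumeration")
            # Mixed 401/403 answers across names may reveal which accounts exist.
            if len(codes[ip]) > 1:
                findings[ip].add("response-code-oracle")
    for (ip, _user, _second), n in bursts.items():
        if n >= max_per_second:
            findings[ip].add("password-bruteforce")
    return {ip: sorted(found) for ip, found in findings.items()}
```

A single failed registration for an account such as `sales-17` stays below both thresholds and is not reported.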