[VoiceOps] Strange attacks over the weekend

Carlos Alvarez carlos at televolve.com
Mon Nov 1 17:13:17 EDT 2010

Alex Balashov wrote:
> ... that we could identify.  We don't know if they were part of a 
> coordinated scan or just launched in parallel, but they were fairly 
> sophisticated in that they detected the nomenclature and length 
> assignment patterns in extensions (403 Forbidden vs. 401 Unauthorized, 
> I suppose) and zeroed in on those.

What is your methodology for naming SIP accounts?  We've discovered that 
using something that is alpha followed by punctuation followed by a 
number results in zero successful name matches so far.  I'm wondering 
what convention you use so I can think about whether we'd be vulnerable 
to the same discovery.  When we put up simple numbers as a registration, 
we quickly get lots of attempts to brute force the password, often more 
than 5-10/second.

More information about the VoiceOps mailing list