[VoiceOps] Strange attacks over the weekend

Alex Balashov abalashov at evaristesys.com
Mon Nov 1 17:15:34 EDT 2010


On 11/01/2010 05:13 PM, Carlos Alvarez wrote:
>
>
> Alex Balashov wrote:
>> ... that we could identify. We don't know if they were part of a
>> coordinated scan or just launched in parallel, but they were fairly
>> sophisticated in that they detected the nomenclature and length
>> assignment patterns in extensions (403 Forbidden vs. 401 Unauthorized,
>> I suppose) and zeroed in on those.
>
> What is your methodology for naming SIP accounts? We've discovered that
> using something that is alpha followed by punctuation followed by a
> number results in zero successful name matches so far. I'm wondering
> what convention you use so I can think about whether we'd be vulnerable
> to the same discovery. When we put up simple numbers as a registration,
> we quickly get lots of attempts to brute force the password, often more
> than 5-10/second.

4-digit extension numbers, but unfortunately it's not my methodology, 
it's the customer's.  Not my choice.

The passwords, however, are extremely strong.

-- 
Alex Balashov - Principal
Evariste Systems LLC
1170 Peachtree Street
12th Floor, Suite 1200
Atlanta, GA 30309
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/


More information about the VoiceOps mailing list