[VoiceOps] VoIP Abuse Project

Carlos Alvarez carlos at televolve.com
Mon Sep 20 14:41:52 EDT 2010

Leandro Dardini wrote:

> I am sorry, but I really don't understand how fail2ban can be used
> against me.

It's a simple/easy DOS attack.  If someone can send packets with a 
spoofed source address, they can cause you to filter your upstream or 
your client.  For the upstream providers with static IPs, that should be 
easy to fix with a whitelist.  I don't believe that knowing your 
customers' dynamic IPs is a realistic attack.

My experience with repeated attempts to crack SIP is that it only 
happens to us if we have simple registration names (IE, registration 
name is the extension number).  We've gone away from that completely and 
I can't recall the last time we saw someone try to brute force one of 
our accounts.  I see registration attempts against sequential numbers 
(301, 302, 303.....) but since the accounts simply don't exist, there's 
really little harm.

Carlos Alvarez

More information about the VoiceOps mailing list