[VoiceOps] Large VoIP Attacks?

J. Oquendo sil at infiltrated.net
Mon Nov 25 13:48:52 EST 2013

Been a very fun/interesting morning. Since so much has gone
on, I figured I'd share. We have seen a larger than normal,
if not, one of the largest attacks against some of our VoIP
and video conferencing systems today. Initially, we fielded
a report of a "system gone bad" followed by another, then
another, and another. This has now carried on into some of
our videoconference units (LifeSize).

Because our goal is to get telephony up and running, there
was not much we could do via incident response, so I have
little to add on attack vectors however, I will state that
PBXNSIP has been the primary target, with about a dozen of
these being hit pretty hard to the point I've had to block
all, stop the software and re-start it.

My dealings with vulnerability disclosures has been that,
vendors don't care, so if there is something specific with
PBXNSIP, no one knows, and due to their political bickerings
in house, no one is going to fix it. So for anyone using
this software, long weekend dictates: "lock your **** down."
Same goes for LifeSize.

J. Oquendo

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

42B0 5A53 6505 6638 44BB  3943 2BF7 D83F 210A 95AF

More information about the VoiceOps mailing list