11-09-2010, 08:49 AM
| | Re: SIP attacks on SPA
On Tue, 09 Nov 2010 08:25:03 +0000, Mark wrote:
> On Tue, 9 Nov 2010 08:17:51 +0000 (UTC), Gordon Henderson
> <email@example.com> wrote:
>>In article <firstname.lastname@example.org>, Mark
>>>Anyone else had an increasing number of SIP attacks on their ATA?
>>>Symptom was a series of reboots of my SPA3102 typically between 9pm
>>>and 11pm (I heard the PSTN relay clicking unexpectedly).
>>>Delving into the logs there were brute force SIP attacks followed by
>>>soft reboots on "out of memory" errors. It turns out this was
>>>happening several times per day.
>>>Fixed by restricting allowed IP to my service provider domain which is
>>>a severe clamp-down but no real problem for my usage.
>>Criminals the world over are constantly trying to steal resources from
>>VoIP systems. This is no surprise, and it would not surprise me if once
>>they have access to your ATA, they can then extract the SIP account
>>credentials and use it for their own uses.
>>What I do find surprising is that your ATA is accessable from the public
>>Internet - are you port-forwarding to it, or is it on a dedicated IP
> It's behind a home router with a private IP address :(
>>If you don't need to port-forward to it, then don't...
> I don't...
So, I'd be interested to know the mechanism of how this can be done when
these is no port forwarding.
Also, how do you restrict to just your ISP?
Is this in your router or somewhere in the SPA?
Remove 'no_spam_' from email address.
Running Linux Ubuntu 10.04 LTS (Long term Support). Very customisable,
secure,not sluggish, and streets ahead of that other mainstream operating
system. PAN newsreader has filters to get rid of spam.