Hello everyone! So not even a week after attending the IT360 show and hearing all about VoIP security and attacks, I happened to be watching my server when I saw this come across my screen:
[Apr 13 23:23:00] NOTICE[5843]: chan_sip.c:15071 handle_request_register: Registration from '"9979"<sip:[email protected]<sip%[email protected]>>' failed for '81.169.138.112' - No matching peer found [Apr 13 23:23:00] NOTICE[5843]: chan_sip.c:15071 handle_request_register: Registration from '"9980"<sip:[email protected]<sip%[email protected]>>' failed for '81.169.138.112' - No matching peer found [Apr 13 23:23:00] NOTICE[5843]: chan_sip.c:15071 handle_request_register: Registration from '"9981"<sip:[email protected]<sip%[email protected]>>' failed for '81.169.138.112' - No matching peer found [Apr 13 23:23:00] NOTICE[5843]: chan_sip.c:15071 handle_request_register: Registration from '"9982"<sip:[email protected]<sip%[email protected]>>' failed for '81.169.138.112' - No matching peer found [Apr 13 23:23:00] NOTICE[5843]: chan_sip.c:15071 handle_request_register: Registration from '"9983"<sip:[email protected]<sip%[email protected]>>' failed for '81.169.138.112' - No matching peer found I have not included all the text, only a portion of it, but it continued on right up to sip peer 9999. I have xxx'ed out my IP address. I did a trace route and found that the IP address is based in Germany somewhere, so I do believe it is an attempt to access a SIP account and register a phone line. For those out there who think that security isn't too much of an issue just because it is a single instance of Asterisk you are running on a small computer, bear in mind that this is proof it can happen to anyone! I am happy to say that (to my knowledge at least) my system was locked down and secured enough that the potential attacker was unable to access my system, thus saving me a lot of money and trouble! I strongly suggest everyone take a look at their systems and see if there are any vulnerabilities since it appears VoIP attacks are on the rise! Thanks again to Stephan who presented the VoIP attacks presentation both at IT360 and TAUG last week. It was a good discussion, and now I can add my 2 cents about the need for VoIP security! Cheers! Chris -- Christopher Allsop, Hon.B.A President / Telecom Consultant All-Aboard Telecom Inc. 416 477-2566 1 866 519-6146 [email protected] www.allaboardtelecom.ca For more contact information, visit: allaboardtelecom.tel This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager at [email protected] The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. All-Aboard Telecom Inc, 2000 Appleby Line, Suite 356,Burlington, ON. Canada. L7L 7H7 www.allaboardtelecom.ca
