Organization: SipXecs Forum
I have been wondering the same thing - I've seen a few missed calls from strange numbers and actually wiresharked a hack attempt - I'm guessing the recommendation to port forward 5060 to the server is the weakness. I'm wondering if this is for remote phones and/or ITSPs that don't initialise on registration?

As much as you can only make calls to internal extensions without registering, there are tools that scan IP ranges and make test calls to various common extension names and log any successful test calls. The list is presented to a human operator who can then get the computer to brute force for passwords. Once they've done that you pay for their calls. Look up sipvicious for a bit more info.

Some hack protection in sipx would be lovely but I suppose really we should be thinking about that at firewall level imho.

_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/
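The scan-then-brute-force pattern described in the post above can be spotted per source address in SIP logs. The following is an added example, not part of the original post and not sipXecs code; the six-field log format, the thresholds and the finding names are assumptions made for illustration, and the log lines are constructed.

```python
from collections import defaultdict

ENUM_THRESHOLD = 4    # distinct extensions probed by one source (assumed value)
BRUTE_THRESHOLD = 5   # consecutive failed REGISTERs on one extension (assumed value)
SCANNER_AGENTS = {"friendly-scanner"}  # default User-Agent sent by SIPVicious

# Constructed sample in a simplified, hypothetical format:
# timestamp, source IP, SIP method, target extension, response code, User-Agent
SAMPLE_LOG = """\
2024-01-01T02:00:01 198.51.100.7 INVITE 100 404 friendly-scanner
2024-01-01T02:00:01 198.51.100.7 INVITE 101 404 friendly-scanner
2024-01-01T02:00:02 198.51.100.7 INVITE 200 180 friendly-scanner
2024-01-01T02:00:02 198.51.100.7 INVITE 1000 404 friendly-scanner
2024-01-01T02:10:00 203.0.113.9 REGISTER 200 401 pbx-client
2024-01-01T02:10:01 203.0.113.9 REGISTER 200 401 pbx-client
2024-01-01T02:10:02 203.0.113.9 REGISTER 200 401 pbx-client
2024-01-01T02:10:03 203.0.113.9 REGISTER 200 401 pbx-client
2024-01-01T02:10:04 203.0.113.9 REGISTER 200 401 pbx-client
2024-01-01T08:30:00 192.0.2.20 REGISTER 201 401 deskphone
2024-01-01T08:30:00 192.0.2.20 REGISTER 201 200 deskphone
"""

def detect(log_text):
    """Return {source_ip: sorted list of findings} for suspicious sources."""
    extensions = defaultdict(set)  # ip -> extensions it tried to reach
    failures = defaultdict(int)    # (ip, ext) -> consecutive auth failures
    findings = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines rather than guess
        _, ip, method, ext, code, agent = fields
        extensions[ip].add(ext)
        if agent in SCANNER_AGENTS:
            findings[ip].add("scanner-user-agent")
        if len(extensions[ip]) >= ENUM_THRESHOLD:
            findings[ip].add("extension-enumeration")
        if method == "REGISTER":
            if code in ("401", "403"):
                failures[ip, ext] += 1
                if failures[ip, ext] >= BRUTE_THRESHOLD:
                    findings[ip].add("password-brute-force")
            elif code == "200":
                failures[ip, ext] = 0  # a successful login resets the counter
    return {ip: sorted(tags) for ip, tags in findings.items()}

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

A normal phone's single 401 challenge followed by a 200 is not flagged, and the flagged addresses are candidates for a block list at the firewall level the post suggests.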
