[asterisk-users] Sip Registration Hijacking

eherr email.eherr9633 at gmail.com
Fri Jan 20 10:17:09 CST 2012


I always thought Sip Vicious only does numbers ( 0 - 100NNNN ), not Numeric-Alpha ( 100-MySipUserName ).

To make my situation more interesting, I also have fail2ban installed, banning after 5 failed attempts.

This hijack is only happening to an extension on the honeypot audiocodes with the sip reg authenticating back to my honey pot
asterisk which is why I thought it might be a vulnerability in the audiocodes.

However, the hijacker manages to make it past the fail2ban and gets the sip reg.

I see sipvicious attempts all the time where they run checks against extensions 0 - 9999. 

Sometimes I see alpha extension name attempts but I do not know how that's done.

--E

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Alejandro Imass
Sent: Friday, January 20, 2012 11:10 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Sip Registration Hijacking

On Thu, Jan 19, 2012 at 8:36 PM, eherr <email.eherr9633 at gmail.com> wrote:
> I have a honey pot box with extensions that are not just numbers ie )
>
>
>
> 100-MySipUserName
>
>
>

I have the same problem and I use contactpermit with specific ip blocks!

I know for a fact I'm getting hijacked by sip vicious on extension 100
but I can't understand how because I don't even have an extension 100
declared anywhere. I would like to know how to block this MF because
he makes calls at 1-2 AM.

-- 
Alejandro Imass
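
A log-triage sketch for the situation described in this thread (an added example, not written by either poster): it reads chan_sip-style log lines and reports registrations accepted from an address that is not expected for that peer, together with how many failures that address logged beforehand relative to the fail2ban limit of 5. The log lines, IP addresses, and the names `triage` and `known_ips` are constructed assumptions; the message format varies between Asterisk versions, so adjust the regexes to match your own log.

```python
import re
from collections import defaultdict

# Constructed sample in the style of chan_sip messages (not taken from the thread).
SAMPLE_LOG = """\
[2012-01-20 01:02:03] NOTICE[2101] chan_sip.c: Registration from '<sip:100@198.51.100.10>' failed for '203.0.113.5' - Wrong password
[2012-01-20 01:02:04] NOTICE[2101] chan_sip.c: Registration from '<sip:100@198.51.100.10>' failed for '203.0.113.6' - Wrong password
[2012-01-20 01:02:09] NOTICE[2101] chan_sip.c: Registration from '<sip:100-MySipUserName@198.51.100.10>' failed for '203.0.113.5' - Wrong password
[2012-01-20 01:03:00] VERBOSE[2101] chan_sip.c:     -- Registered SIP '100-MySipUserName' at 192.0.2.20:5060
[2012-01-20 01:30:11] NOTICE[2101] chan_sip.c: Registration from '<sip:100-MySipUserName@198.51.100.10>' failed for '203.0.113.7' - Wrong password
[2012-01-20 01:30:15] VERBOSE[2101] chan_sip.c:     -- Registered SIP '100-MySipUserName' at 203.0.113.7:5060
"""

# Assumed message shapes; the user part of the From URI and the source IP are captured.
FAIL_RE = re.compile(r"Registration from '[^']*<sip:([^@>]+)@[^']*' failed for '([\d.]+)(?::\d+)?'")
OK_RE = re.compile(r"Registered SIP '([^']+)' at ([\d.]+)")

def triage(log_text, known_ips, maxretry=5):
    """Return (unexpected_registrations, usernames_probed_from_multiple_ips).

    known_ips maps peer name -> set of addresses it normally registers from.
    Each unexpected registration is (peer, ip, prior_failures, below_threshold),
    where below_threshold means a per-IP limit of maxretry was never reached.
    """
    fails_by_ip = defaultdict(int)
    ips_by_user = defaultdict(set)
    unexpected = []
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            user, ip = m.groups()
            fails_by_ip[ip] += 1
            ips_by_user[user].add(ip)
            continue
        m = OK_RE.search(line)
        if m:
            user, ip = m.groups()
            if ip not in known_ips.get(user, set()):
                n = fails_by_ip[ip]
                unexpected.append((user, ip, n, n < maxretry))
    spread = {u: sorted(s) for u, s in ips_by_user.items() if len(s) > 1}
    return unexpected, spread

if __name__ == "__main__":
    hits, spread = triage(SAMPLE_LOG, {"100-MySipUserName": {"192.0.2.20"}})
    for user, ip, n, below in hits:
        print(f"{user} registered from unexpected {ip} after {n} failure(s); under limit: {below}")
    for user, ips in spread.items():
        print(f"{user} was tried from {len(ips)} addresses: {', '.join(ips)}")
```

A registration flagged with `below_threshold` true never produced enough failures from that one address for a per-IP ban to fire, which narrows where to look next (credentials, the device's own configuration, or attempts spread over several sources).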
