Voice of VOIPSA

Is the voice service outage that TelePacific Communications experienced today the result of cybercriminials attacking TelePacific’s SIP infrastructure?

TelePacific offers a service called “SmartVoice” that appears from their website to be the basic type of SIP service provided by many service providers these days. On March 24th, they started experiencing an outage and their Twitter page tells the tale, from the initial report to the beginning of a recovery to a 50% recovery to more reports on March 25th through to full restoration on the 25th.

Today, however, there is a report in Channel Partners Online provocatively titled: “TELEPACIFIC NETWORK OUTAGE: CYBER-TERRORISM?” The article quotes TelePacific President and CEO Dick Jalkut:

Jalkut said the “cyber attack choked our servers and resulted in a significant loss of service to customers – in most cases an inability to make and receive calls.” But the attack did not impact customers’ Internet or data services.

He goes to say that they have implemented further monitoring and protection, particularly in their session border controllers.

At this point TelePacific indicates they have engaged the FBI to assist in tracking down the external sources of the attack. TelePacific also indicates that they plan to more information during upcoming industry forums and I look forward to hearing more about this. From the bare details provided thus far, it certainly sounds like an attack focused on their SIP infrastructure – and it would be good for the rest of the industry to hear about and learn from.

P.S. Kudos to TelePacific, too, for what appears to be a solid use of Twitter as a way to keep customers and others informed of what was going on during the outage.

If you found this post interesting or helpful, please consider either subscribing via RSS or following VOIPSA on Twitter.

The Digium security team issued two security advisories this week for Asterisk:

• AST-2011-003: Resource exhaustion in Asterisk Manager Interface
• AST-2011-004: Remote crash vulnerability in TCP/TLS server

The second one, AST-2011-004, is the far more concerning because it indicates that a remote attacker could connect to an Asterisk system and cause it to crash.

The solution, in both cases, is to upgrade to the latest Asterisk releases.

UPDATE: 3/18/11 – Olle Johansson pointed out on Twitter:

Either upgrade or do not use SIP/TCP. Installations only using SIP/udp is not affected and do not need to upgrade.

Thanks for the clarification, Olle.

By way of the Infosthetics site, I learned this morning of a video produced by Dataviz Australia that uses data from a VoIP honeypot server to visualize what the attack looks like. The Dataviz Australia blog post has more information about what they are specifically showing here. I am always intrigued to see how people can come up with new ways to enable us to look at data differently, and this is an interesting video for that. Enjoy…

Visualizing a cyber attack on a VOIP server from Ben Reardon, Dataviz Australia on Vimeo.

If you have been at the Enterprise Connect show this week in Orlando, Florida, one of the perhaps unexpected booths on the exhibit hall floor was that of the National Security Agency (NSA). The booth was staffed by two great guys (who rapidly moved away when I raised my iPhone camera) who explained that they were there as part of the agency’s “Commercial Solutions Center” looking to find commercial technology that can help with the secure mobile solutions they are looking to deploy for the NSA.

One of the NSA staff will be on a Enterprise Connect communications security panel at 9:00am in the “Sun B” room of the Gaylord Palms tomorrow (Thursday, March 3, 2011). They are also hosting a private meeting tomorrow at the Gaylord Palms from 1-3pm for people interested in learning more. The best way to find out more about that meeting would probably be to attend the 9am session. (They were promoting details at their booth, too, but the exhibit area is now closed.)

Good to see the NSA reaching out to the commercial sector and when more information is available about their program (they said it would be soon) I’ll update this post.

Tonight I upgraded Voice of VOIPSA to the shiny new WordPress 3.1. It looks like there are no issue with our theme or any other part of the site, but if you do see anything funky, please do let me know. And if you are one of the bloggers here on the site, you may see a few changes to the user interface, and you have some very cool new ways to easily link to other articles on the site (if you are writing using the web interface).

I was not out at this year’s RSA Conference, but was following some of the conversation via Twitter. I noticed a number of good videos coming out of the event, and liked this “summary” video from David Sparks that does give an overview of some of the major themes:

David was out there on behalf of Tripwire, Inc, and produced a number of other good video interviews. I enjoyed this one with my friend Martin McKeay of the Network Security Podcast on the topic of “why is ‘cloud security’ so over hyped?”

Over on the Tekelec blog today, Dorgham Sisalem writes on “DNS and SIP: Threats and Protection“, an area of discussion that, quite frankly, hasn’t really received much attention. DNS plays a vital role in VoIP and unified communications, and so the security around DNS and SIP definitely deserves consideration. The post is not too long, so rather than summarize, I’ll just point you over there…

Can you trust “the cloud” to be there for communications? What about latency issues? availability? What should you be most concerned about?

Those are issues that I (Dan York) will be discussing on a panel on Friday, Feb 4, 2011, at the Cloud Communications Summit in South Beach, Miami. The abstract is:

There’s a general consensus that Cloud Communications improves the bottom line while reducing both financial and technology risks. What about from a security perspective? This session identifies the differences between premise based and cloud based offerings from a security perspective, and provides the audience with a checklist of what to worry about as they move into the cloud. This session is appropriate for both business and technologists.

I’ll be on the panel along with folks from Rackspace, Pac-West and Path Solutions and the whole session will be moderated by analyst Dave Michels. It should be a fun discussion… if you are down in Miami, do come and join us!

Will you be in South Beach, Miami, next week for the collection of conferences around TMC’s ITEXPO event? If so, I’ll be there participating in two sessions in Ingate System’s SIP Trunking Workshop.

First, on Wednesday, February 2nd, I’ll be on a panel at 1pm about “SIP, UC and Security”. We’ve done this panel at other ITEXPO events and it has always created some interesting conversations and discussions.

The following morning, February 3rd, at 9am, I’ll be part of a panel on “Unified Communications” where security will be one of the many factors discussed.

If you are down in Miami for ITEXPO, the Cloud Communications Summit, Digium/Asterisk World or any of the other events, please do stop by and say hello… or find me down at one of the sessions I’m in (my schedule is online). You can always email me or ping me on Twitter.

It may be a wee bit of a late notice for folks to join the call live, but in about 50 minutes, the VoIP Users Conference will have their weekly live call talking this week with folks from Humbug Telecom Labs about their tools for detecting and analyzing VoIP fraud.

You can join the live call via SIP, Skype or the regular old PSTN. There is also an IRC backchannel that gets heavy usage during the call.

If you can’t attend the call live, a recording of the session will be made available later from the episode’s web page.

If you found this post interesting or helpful, please consider either subscribing via RSS or following VOIPSA on Twitter.