[VOIPSEC] Actual Attacks
Thomas Howe
howethomas at aol.com
Fri Feb 25 10:18:20 CST 2005
Hmmmm.... no one's stepping up and giving us actual attacks here...
Well, I'll give you a few. I was involved in Tangerine, which was
awesome in that we had over 200 service provider installations (some
even made money!) and here's some of the things we saw...
1) We saw many hacking attempts (some succesful) on the computers that
hosted our software. Now, they had nothing to do with VoIP, but they
brought down service anyways.
2) I've seen DDOS service attacks, but only by accident. We've had soft
clients get pointed to a gateway instead of the proxy, and the gateways
get flooded with registrations that it can't handle.
3) I've seen internal people purposely bring down VoIP networks by
misconfiguration.
4) I've seen customers reverse engineer IP addresses from far end
gateways to establish business relationships outside of the intermediary
that orginally brought them together.
5) I've seen many, many, many, (many, many) grey market carriers work at
putting more traffic through routes than they had persmission to, mask
origination points to avoid billing, etc.
Those are the basic things I've seen- if any really good ones come to
mind, I'll forward them.
Tom
More information about the Voipsec
mailing list