[VOIPSEC] Analysis of a VoIP Attack
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Oct 23 10:34:50 CDT 2008
Hendrik Scholz schrieb:
> Hi Alex!
>
> Alex Eckelberry wrote:
>> However, you don't seem to draw the same conclusions,
>> rather that the attackers were simply trying to find insecure gateways.
>
> Has anybody a list of IP ranges scanned/attacked?
> In the cases that I've seen the victims were all running on DSL lines.
> This puts it more into the area of end customer devices and not
> high-bandwidth PSTN gateways.
> Still one would be able to do 2-10 calls per DSL line.
Yes. But usually a provider should detect this in the accounting system
if a user suddenly has a high telephone bill.
Attacking service providers directly probably will give you the best
connectivity, but they are usually harder to hack.
I think the preferred target are enterprises - e.g. the IT guys buy an
ISDN gateway and configure in their IP PBX a trunk to the gateway.
Everthing works fine and they are happy, but have forgotten to make IP
access lists for the gateway. If you find such a gateway, often
connected to PSTN via E1, you can make lots of phone calls before you
get detected.
klaus
More information about the Voipsec
mailing list