[VOIPSEC] Anyone aware of public disclosures of security incidents related to SIP trunks?
dyork at lodestar2.com
Mon Dec 21 21:26:19 GMT 2009
Can anyone point me to any public disclosures of security incidents
related to SIP trunks? (i.e. SIP connections from an on-premise
IP-PBX/callserver to a SIP service provider) Companies that lost phone
service due to a DoS against a SIP service provider? Disclosure of
information related to info captured from a SIP trunk? Reported toll
fraud due to abuse of a SIP connection? (The famous Pena/Moore case of
2006 was toll fraud over H.323.)
I've been doing some digging but so far haven't found any public
mentions of actual incidents. So either I'm not searching on the right
terms or I suspect any incidents aren't being reported publicly (or are
being classified as some other kind of incidents).
I ask because I'm doing some writing and would like to include a "real"
incident related to SIP trunking security instead of making up a
fictitious "hypothetical" scenario.
Any pointers would be greatly appreciated.
Dan York dyork at lodestar2.com
Disruptive Telephony - http://www.disruptivetelephony.com
Disruptive Conversations - http://www.disruptiveconversations.com/
Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com/
Voice of VOIPSA - http://www.voipsa.org/blog
Voxeo weblogs - http://blogs.voxeo.com/
Twitter - http://twitter.com/danyork
More information about the Voipsec