[VOIPSEC] Security collaborations
CunningPike
cunningpike at gmail.com
Fri Feb 26 18:23:07 CST 2010
On Fri, Feb 26, 2010 at 7:43 AM, J. Oquendo <sil at infiltrated.net> wrote:
>
> Hey all, unsure if I posted this idea to the list before, but I'll do so
> again...
>
> I've been thinking about putting together something similar to
> Shadowserver's listing in regards to VoIP systems.
>
> The idea is a simple one: Share information on VoIP-based attackers.
> Whether it's via scripts or submitted logs.
>
> My concept is to use a program that detects VoIP toll fraud and brute
> forcers and send the offenders' IP addressing and all relevant
> information to a source which others can use to block out attackers.
>
> Now I know the nature of IP and I'm well aware of spoofing attacks;
> however, when it comes to VoIP attacks, from what I've seen and analyzed,
> there is almost always a definitive trend - I can discuss this off-list
> - brute forcers and attackers are using. So it's difficult for someone
> to spoof. Attacking a PBX from a compromised host is an altogether
> different subject; nevertheless, what is the interest in this?
>
> Think of: Spamhaus meets Shadowserver meets an IPS system being distributed.
>
Are the attacks you're talking about capable of being detected by an
IDS like snort? If so, perhaps some sigs could be contributed to the
emerging-threats ruleset, and then existing infrastructure
(listening-post/malware-domains, sidreporter, snort-inline, snortsam,
and so on) could be used.
CP