nanog mailing list archives
Re: How common are wide open SIP gateways?
From: David Birnbaum <davidb () pins net>
Date: Fri, 5 Feb 2010 12:45:13 -0500 (EST)
If you are using Asterisk (and many derived PBXs), and your installation is old enough, and your default context will complete a call...then you may find you are giving free calling out. This was fixed at some point in the Asterisk default configuration files.
We have noticed a lot of issues with Asterisk 1.2 and some 1.4 rollouts. FreePBX had some truck-sized holes in it.
On our relatively small client base, we are seing SIP probing on more or less a non-stop basis, and some of our customers have been hacked over the years. It's definitely increasing - the modern equivilent of the open-DISA access many old PBX/VMs offer.
On the plus side, they ususal start calling North Korea or Somalia or something which triggers the alarms, so they get shut down right away; we offer a default "Axis of Evil" block to stop international calling to the high-fraud countries that are out there and only allow calling there upon customer request. I wouldn't be at all surprised to find much cleverer people that have hacked PBXs and are making calls at a moderate pace to domestic or other inexpensive areas as to avoid detection.
Cheers, David. ----- On Fri, 5 Feb 2010, Drew Weaver wrote:
Heya,
Has anyone done any research or have any anecdotal numbers related to how common it is to have a SIP gateway sitting out on the Internet with no ACL or
authentication? Recently we have noticed a couple of instances where we get abuse complaints from companies who claim that one of our hosting clients
'stole SIP service' from them. This reminds me somewhat of the 'SMTP open relay' days. We obviously take action and shut the offending user
down but I can't help but wonder how common this practice is. Usually I just ask the company why their system allows anyone to use their SIP gateway and
they usually say something like "We can't predict what IP our users will come in from... etc"
I am just wondering if anyone else has noticed this trend.
-Drew
Current thread:
- How common are wide open SIP gateways? Drew Weaver (Feb 05)
- Re: How common are wide open SIP gateways? Seth Mattinen (Feb 05)
- Re: How common are wide open SIP gateways? David Birnbaum (Feb 05)
- Re: How common are wide open SIP gateways? Brandon Ewing (Feb 05)
- Re: How common are wide open SIP gateways? David Birnbaum (Feb 05)
- RE: How common are wide open SIP gateways? Drew Weaver (Feb 05)
- Re: How common are wide open SIP gateways? Brandon Ewing (Feb 05)
- Re: How common are wide open SIP gateways? Scott Howard (Feb 05)
- Re: How common are wide open SIP gateways? John Todd (Feb 06)
- Re: How common are wide open SIP gateways? Jon Lewis (Feb 05)
- Re: How common are wide open SIP gateways? Chris Hills (Feb 05)
- Re: How common are wide open SIP gateways? Jonathan Thurman (Feb 05)