Re: How common are wide open SIP gateways?

[Jon Lewis <jlewis () lewis org>]

On Fri, 5 Feb 2010, Drew Weaver wrote:

> 	Has anyone done any research or have any anecdotal numbers related 
> to how common it is to have a SIP gateway sitting out on the Internet 
> with no ACL or authentication? Recently we have noticed a couple of 
> instances where we get abuse complaints from companies who claim that 
> one of our hosting clients 'stole SIP service' from them. This reminds 
> me somewhat of the 'SMTP open relay' days. We obviously take action and 
> shut the offending user down but I can't help but wonder how common this 
> practice is. Usually I just ask the company why their system allows 
> anyone to use their SIP gateway and they usually say something like "We 
> can't predict what IP our users will come in from... etc"

Just because one of your users stole SIP service from a site doesn't mean 
their gateway doesn't do authenticate.  We operate a number of SIP 
gateways, some of which do need to be relatively wide open ACL-wise. 
Like any other service, good usernames and passwords are a must.  I've 
seen people trying to brute force SIP access on our servers just as they 
do with SSH (if you leave that open) or POP3.

Stealing phone service is nothing new.  SIP's just the latest vector for 
it.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________