On Sun, 31 Oct 2010, Tzafrir Cohen wrote: > On Sat, Oct 30, 2010 at 01:43:49PM -0600, Joel Maslak wrote: >> Is there really any benefit to blocking these, if you use good passwords? > > Regardless of any threat from those attacks succeeding, they completely > saturated the uplink in our ADSL-connected office. > > What are they after, anyway? Merely cheap international calls?
They want them to sell on. Ever wondered about all that spam you get offering you cheap routes to 1000's of destinations... Where do you think they're getting the cheap routes from... >From my own experiences and discussions with others, I've seen 2 kinds of uses for the compromised accounts - one is to get to expensive destinations - e.g. mobiles in eastern european/african destinations, and the other would appear to be pure fraud - e.g. 10 concurrent calls to what looks like a mobile in a country with a dubious telecom infrastructure - which is obviously a destination that charges a high interconnect fee, so one theory is that it's the terminating telco themselves that are stealing the accounts and placing calls into their own network... (This was a popular scam with mobile phone theft in the UK a few years back - stories abounded with tales of rooms full of mobiles, calling premium rate numbers belonging to the thieves, and so on) Anyway, SV is easy to thwart with good practices and tools like fail2ban, svcrash.py, sites like http://www.infiltrated.net/voipabuse/ and so on. As far as I'm concerned, it's history. It's understood and with a few simple procedures we can protect ourselves against it. It's yesterdays news. Why are we still bleating on about it? Gordon -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users