Yeah, the attack vectors are the same, but like others here have experienced, there's a more real cost. I'm just surprised it's taken this long to become an issue.

There are the simple things like toll charges, but then there is also that human factor. People call back wondering why you / your company is calling them phishing for information, and they're not interested in believing what you have to say; they're already suspicious.

People place far too much trust in their phone -- trusting that the person who called is calling from where they say they are, and also that when they call outbound, the call is going where they intended it to go, and has not been hijacked.

Things like Zfone try to address this, and Duane's work on adding cryptography to ENUM lookups.

-spd

On Tue, 11 Nov 2008, Andrew Kohlsmith (lists) wrote:

On November 10, 2008 08:47:48 pm Andre Courchesne - Consultant wrote:
   Just to let you know that I see a proliferation of SIP hack attempts.
Twice today I happened to be logged in servers where I saw SIP discovery
from IP 212.12.148.109 and on the other server that same IP had actually
gained control of a SIP account (which was created with a weak secret by
the administrator).

I have seen this as well.  I was very surprised, but I guess it's no different
than any other kind of intrusion.

-A.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


