I think you're underestimating the business of botnets, and the state of
the art of exploiting. These aren't kids running these sorts of things
making prank phone calls, they are real "businesses", with professional
level staff.
As far as the technology goes, sipvicious is portable, being written in
python, and runs on Windows, MacOS, Linux, and anywhere else the python
interpreter will run. The scanner tools (there is a very good one out
there which I can't remember the name of) are equally portable AND
pluggable. You put a scanner in one end, and an exploit in the other,
then off it goes, returning a list of exploited hosts ready to do your
bidding.
As for hiding your tracks, SIP proxies are also easy to build,
cross-platform, and lightweight when you have kits like FreeSWITCH,
YATE, and OpenSER to build on top of.
Unfortunately, this stuff isn't rocket science if you've worked with the
tools before. The difficulty level is that of a weekend project for
someone familiar with the scanner/exploit tools, and the same goes for
putting together a SIP proxy that will run on the holy grail of botnets,
Windows, to deploy on compromised systems.
So again, make sure to have some protection in place, and audit your logs
regularly if you've set up remote access on your system.
Beyond what I mentioned already, setting appropriate channel limits like
Stephan said, and rate throttling new call setups are two things to
consider that won't interfere with legitimate traffic, while mitigating
the severity of being compromised.
re,
spd
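The two mitigations mentioned above (auditing logs for scanning activity and rate-throttling new call setups) can be sketched in code. The following is an added example, not code from the thread or from any of the tools named in it; the log format is constructed for illustration, and the thresholds and the `CallSetupThrottle` class are assumptions chosen for the example. It flags sources that produce a burst of SIP authentication failures (a single 401 is the normal digest challenge, so only bursts count) and applies a per-source token bucket to INVITEs so a compromised or scanning host cannot flood call setups.

```python
"""Defender-side helpers over constructed SIP log lines (added example)."""
import re
from collections import defaultdict, deque

# Constructed sample log lines, not from any real PBX: "<epoch> <src-ip> <method> <sip-status>".
# 10.0.0.5 hammers REGISTER and fails repeatedly; 198.51.100.7 shows the normal
# 401-then-200 digest exchange; 192.0.2.10 is an ordinary registered caller.
SAMPLE_LOG = """\
1226512000 10.0.0.5 REGISTER 401
1226512000 10.0.0.5 REGISTER 401
1226512001 10.0.0.5 REGISTER 401
1226512001 10.0.0.5 REGISTER 401
1226512002 10.0.0.5 REGISTER 401
1226512002 10.0.0.5 REGISTER 403
1226512003 192.0.2.10 REGISTER 200
1226512004 192.0.2.10 INVITE 200
1226512040 198.51.100.7 REGISTER 401
1226512041 198.51.100.7 REGISTER 200
"""

LINE_RE = re.compile(r"^(?P<ts>\d+) (?P<src>[\d.]+) (?P<method>[A-Z]+) (?P<status>\d{3})$")


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = int(rec["ts"])
    rec["status"] = int(rec["status"])
    return rec


def failed_auth_bursts(lines, window=10, threshold=5):
    """Return {src: peak_count} for sources with >= threshold auth failures (401/403)
    inside any sliding `window`-second span. A legitimate client normally sees one
    401 (the digest challenge) before succeeding, so isolated failures never trigger."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] not in (401, 403):
            continue
        q = recent[rec["src"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[rec["src"]] = max(flagged.get(rec["src"], 0), len(q))
    return flagged


class CallSetupThrottle:
    """Per-source token bucket for new call setups (INVITEs): up to `burst` setups
    immediately, then `rate` new setups per second. Legitimate callers rarely exceed
    a few setups per second, so this limits damage without blocking normal traffic."""

    def __init__(self, rate=1.0, burst=3):
        self.rate = rate
        self.burst = burst
        self.buckets = {}  # src -> (tokens, last_seen_ts)

    def allow(self, src, ts):
        """Return True if a new call setup from `src` at time `ts` is within budget."""
        tokens, last = self.buckets.get(src, (self.burst, ts))
        tokens = min(self.burst, tokens + (ts - last) * self.rate)  # refill since last call
        if tokens >= 1:
            self.buckets[src] = (tokens - 1, ts)
            return True
        self.buckets[src] = (tokens, ts)
        return False


if __name__ == "__main__":
    print("auth-failure bursts:", failed_auth_bursts(SAMPLE_LOG.splitlines()))
    t = CallSetupThrottle(rate=1.0, burst=3)
    print("5 INVITEs at t=0:", [t.allow("10.0.0.5", 0) for _ in range(5)])
```

Run stand-alone it reports the one bursting source and shows the fourth and fifth back-to-back INVITEs from a single host being refused while earlier ones pass; the bucket is per source, so one noisy host never throttles another.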
On Wed, 12 Nov 2008, Andre Courchesne - Consultant wrote:
I don't think the level of sophistication used by sip hackers is up to the
level of using home pc to do sip extension scanning yet. They probably all
use sipvicious or other very similar linux/asterisk based tools.
In a few years we might see distributed sip scanning, but right now I think
they are doing their own scanning...
Duane at e164 dot org wrote:
Andre Courchesne - Consultant wrote:
I like this idea of honeypot and collecting the IP address of offenders
and exposing them...
Except you are also going to get IPs of infected home PCs too, not that
they don't need to be exposed, just that there would potentially be huge
numbers of IPs via botnets doing scanning and so forth.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]