Harik
Sep 9, 2001

From the hard streets of Moscow
First dog to touch the stars


Plaster Town Cop
Out of curiosity - I run a PBX that does accept remote SIP so people's cellphones can have SIP clients ring at the same time as their desk extension does, plus road warriors.

Constantly getting bruteforce attempts on it, that fail2ban promptly blackholes.

Anyone know what they're actually intending to do? Are these forwarders for tech support scams, shady calling-card companies or something? I'm trying to wrap my head around why anyone gives a poo poo about stealing VoIP when it's so cheap to buy it to begin with.


Harik
Sep 9, 2001


Thanks Ants posted:

They're trying to register on your system and place calls to revenue-generating numbers that they have control of

Oh Jesus, that was a scam back in the 80s, I'm (not) shocked that it hasn't been cracked down on.

Harik
Sep 9, 2001


Partycat posted:

As mentioned before they may be looking for open registrations or easy to guess ones (usually I don't see them bother to try and register they just place calls), or an agent that's open that will permit their call to complete somewhere, if it does, then they often seem to try and get their calls to go through to a mailbox or do something they can break out of.

I would not expect anyone to be wasting their time dialing random extensions@ip trying to reach you for a scam but who knows.

You can block attempts or just let them do nothing and fail out, I've never seen the scanning really get _more_ aggressive because something responded. If your PBX responds with what it is, then there is a shot they can exploit it. I installed Trixbox years ago and it was hacked in like ... an hour, just installing a Live CD to see what was up.

BTW these things still come by in H.323 as well as SIP.

I got nailed once when I first set up VoIP - although it was some idiot adding an easy-to-guess extension password rather than an exploit. Getting fail2ban working on the logfiles properly took some doing but it's nice seeing it shut attacks down fast.

There was some sort of pager/notification callback exploit on an actual analog PBX I had the misfortune of dealing with once, that was exciting. I can't even remember what the hell it was, except expensive as poo poo and dumped on my lap with no service contract, documentation or support.

No backoff so they hammered PIN extensions until they got in and set up some forwarding. The $10k phone bill cost a lot more than they saved not getting a support contract for it.

Charter/Spectrum has started molesting SIP traffic, has anyone else seen that? The packets arrive, but they're rewritten to come from some not-us address, then it fails to forward the RTP to me. I'll contact support about it but it would be nice to have something specific to tell them other than "My VoIP with not-you doesn't work anymore".

I "fixed" it by using a third-party VPN, but that adds audible latency.
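
The fail2ban-style banning of SIP registration brute force discussed in the posts above, sketched as an added example (not code from any poster, and not fail2ban's own code). The log format and addresses are constructed for illustration and do not match any particular PBX; `maxretry` and `findtime` mirror fail2ban's option names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a made-up format (documentation-range IPs).
SAMPLE_LOG = """\
2024-01-01 10:00:00 REGISTER failed ext=100 src=203.0.113.7 reason=bad-password
2024-01-01 10:00:00 REGISTER failed ext=214 src=198.51.100.20 reason=bad-password
2024-01-01 10:00:02 REGISTER failed ext=101 src=203.0.113.7 reason=bad-password
2024-01-01 10:00:03 REGISTER ok ext=310 src=192.0.2.55
2024-01-01 10:00:04 REGISTER failed ext=102 src=203.0.113.7 reason=bad-password
2024-01-01 10:00:06 REGISTER failed ext=103 src=203.0.113.7 reason=bad-password
2024-01-01 10:20:00 REGISTER failed ext=214 src=198.51.100.20 reason=bad-password
2024-01-01 10:40:00 REGISTER failed ext=214 src=198.51.100.20 reason=bad-password
"""

# Only failed registrations count; successful ones do not match.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) REGISTER failed "
    r"ext=(?P<ext>\S+) src=(?P<src>\S+)"
)


def find_bans(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {source_ip: time_of_ban} for every source that produced
    `maxretry` failed registrations inside a sliding `findtime` window."""
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["src"] in bans:
            continue  # not a failure, or source is already banned
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["src"]]
        window.append(ts)
        # Drop failures that have aged out of the window, so a user who
        # mistypes a password once every 20 minutes is never banned.
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[m["src"]] = ts
    return bans


if __name__ == "__main__":
    for src, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {src} at {when}")
```

The scanner walking through extensions is banned on its third failure, while the slow, spread-out failures from the second address stay under the threshold.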
