SIP Vicious Malicious Attack Mitigation

[GoogleCodeExporter]

I work for a VoIP service provider. Recently we have been seeing a massive 
number of attacks against our servers from people using SIP Vicious to look for 
insecure authentication credentials. We utilize 12-character, randomly 
generated passwords with upper and lower case letters, numbers, and symbols. In 
addition, we have recently altered our firewall configuration to return ICMP 
Administratively Prohibited when REGISTER requests come in faster than a 
specific allowed rate. However, the attackers do not seem to get the message 
that it would take them several hundred thousand years to crack one of our 
passwords using brute-force given the security measures we have in place. 
Please modify SIP Vicious to detect the ICMP Admin Prohibited messages, figure 
out the allowed rate of REGISTER requests, and then report back to the user 
that given the rate of allowed attacks, it would take hundreds of thousands of 
years to find a valid combination. This would at least make them check 
elsewhere instead of causing increased overhead on our systems.  

Original issue reported on code.google.com by ega...@gmail.com on 8 Sep 2010 at 8:19

[GoogleCodeExporter]

thanks for writing in. please email me privately on sandro@enablesecurity.com.
meanwhile my suggestion is to check out my updates on the blog, specifically:
http://blog.sipvicious.org/2010/06/how-to-crash-sipvicious-introducing.html

And the corresponding FAQs:

http://code.google.com/p/sipvicious/wiki/SvcrashFrequentlyAskedQuestions
http://code.google.com/p/sipvicious/wiki/FrequentlyAskedQuestions

Original comment by sandrogauc on 8 Sep 2010 at 8:32

• Changed state: Invalid