search

EnableSecurity / sipvicious

SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. This toolset is useful in simulating VoIP hacking attacks against PBX systems especially through identification, scanning, extension enumeration and password cracking.
https://www.enablesecurity.com/sipvicious/oss/
Other
896 stars 158 forks source link

Dang it! Why do good tools get used in BAD ways!? #22

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Looks like someone just used SIPvicious to access (or attempt to) my PBX. It 
even left me a ZERO second voice mail (with the CID of SIPvicious).

This sucks! Yet another awesome tool being used by the BAD guys.

On the bright side, it led me to finding an IAX entry that the system didn't 
remove properly (which they conveniently attached to).

No damage done and ACCESS DENIED to the fool(s). VISP says no calls made since 
attach. PBX says no attached IAX devices.

Now that the bad guys are using this tool, how does the average Joe protect 
him/her self???

We need a guide to help people check things out and protect themselves! 
Anything out there in existence?

Suggestions?

Comments?

Original issue reported on code.google.com by perezil on 26 Jul 2011 at 9:14

GoogleCodeExporter commented 9 years ago 
Good to hear that at least the scan led to some good :)

As regards guides, there are recommendations out there on that. The latest 
edition of the Asterisk book has a whole chapter on security: 
http://oreilly.com/catalog/9780596517342

It even mentions SIPVicious :)

Original comment by san...@enablesecurity.com on 26 Jul 2011 at 2:38

GoogleCodeExporter commented 9 years ago

Original comment by san...@enablesecurity.com on 29 Jan 2012 at 11:54