naidu / sipvicious

Automatically exported from code.google.com/p/sipvicious

SIP Vicious Malicious Attack Mitigation #11

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I work for a VoIP service provider. Recently we have been seeing a massive 
number of attacks against our servers from people using SIP Vicious to look for 
insecure authentication credentials. We utilize 12-character, randomly 
generated passwords with upper and lower case letters, numbers, and symbols. In 
addition, we have recently altered our firewall configuration to return ICMP 
Administratively Prohibited when REGISTER requests come in faster than a 
specific allowed rate. However, the attackers do not seem to get the message 
that it would take them several hundred thousand years to crack one of our 
passwords using brute-force given the security measures we have in place. 
Please modify SIP Vicious to detect the ICMP Admin Prohibited messages, figure 
out the allowed rate of REGISTER requests, and then report back to the user 
that given the rate of allowed attacks, it would take hundreds of thousands of 
years to find a valid combination. This would at least make them check 
elsewhere instead of causing increased overhead on our systems.  

Original issue reported on code.google.com by ega...@gmail.com on 8 Sep 2010 at 8:19
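
The mitigation described in the report above (rate limiting REGISTER per source and answering the excess with ICMP Administratively Prohibited) can be modelled as a per-source token bucket. This is an added example, not part of the original thread or of SIPVicious; the rate, burst size, addresses and SIP messages are constructed assumptions, since the post does not state the provider's actual limits.

```python
# Added example: per-source token bucket for SIP REGISTER requests.
RATE_PER_SEC = 1.0  # assumed sustained REGISTER rate allowed per source IP
BURST = 5           # assumed bucket capacity (short bursts tolerated)

def sip_method(payload):
    """Return the method of a SIP request, or None for responses/garbage."""
    parts = payload.split(b"\r\n", 1)[0].decode("ascii", "replace").split(" ")
    # RFC 3261 Request-Line: Method SP Request-URI SP SIP-Version
    if len(parts) == 3 and parts[0].isalpha() and parts[2].startswith("SIP/"):
        return parts[0]
    return None

class RegisterLimiter:
    def __init__(self, rate=RATE_PER_SEC, burst=BURST):
        self.rate, self.burst = rate, burst
        self.buckets = {}   # source IP -> (tokens, time of last REGISTER)
        self.rejected = {}  # source IP -> count of rejected REGISTERs

    def decide(self, ts, src, payload):
        """Verdict for one UDP datagram seen at time ts (seconds)."""
        if sip_method(payload) != "REGISTER":
            return "ACCEPT"  # only REGISTER is rate limited
        tokens, last = self.buckets.get(src, (float(self.burst), ts))
        tokens = min(self.burst, tokens + (ts - last) * self.rate)  # refill
        if tokens >= 1.0:
            self.buckets[src] = (tokens - 1.0, ts)
            return "ACCEPT"
        self.buckets[src] = (tokens, ts)
        self.rejected[src] = self.rejected.get(src, 0) + 1
        return "REJECT icmp-admin-prohibited"

def run_sample():
    """Replay constructed traffic: one flooding source, one normal phone."""
    reg = b"REGISTER sip:pbx.example.com SIP/2.0\r\nCSeq: 1 REGISTER\r\n\r\n"
    opt = b"OPTIONS sip:pbx.example.com SIP/2.0\r\nCSeq: 1 OPTIONS\r\n\r\n"
    events = [(i * 0.05, "203.0.113.50", reg) for i in range(20)]  # 20/s flood
    events += [(0.5, "203.0.113.50", opt)]
    events += [(0.0, "198.51.100.7", reg), (60.0, "198.51.100.7", reg)]
    limiter = RegisterLimiter()
    verdicts = [(ts, src, limiter.decide(ts, src, p))
                for ts, src, p in sorted(events)]
    return limiter, verdicts

if __name__ == "__main__":
    limiter, verdicts = run_sample()
    for ts, src, verdict in verdicts:
        print(f"{ts:6.2f} {src:15} {verdict}")
    print("rejected REGISTERs per source:", limiter.rejected)
```

The per-source reject counter is also a useful detection signal: a source that keeps accumulating rejects is ignoring the ICMP replies, which matches the behaviour the report complains about.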

GoogleCodeExporter commented 9 years ago
Thanks for writing in. Please email me privately on sandro@enablesecurity.com.
Meanwhile, my suggestion is to check out my updates on the blog, specifically:
http://blog.sipvicious.org/2010/06/how-to-crash-sipvicious-introducing.html

And the corresponding FAQs:

http://code.google.com/p/sipvicious/wiki/SvcrashFrequentlyAskedQuestions
http://code.google.com/p/sipvicious/wiki/FrequentlyAskedQuestions

Original comment by sandrogauc on 8 Sep 2010 at 8:32