If anyone is interested in helping create a new site logo please email webmaster@allworxforums.com

PLEASE NOTE: Allworxforums.com is not owned, nor run by Allworx Corp. The views and opinions found on this forum are not necessarily the views of Allworx or the forum moderators. Neither Allworx nor the forum will be held liable for any information found on the forum. The Allworx logo and name is a registered trademark of Allworx Corp.

SIP Password Hacking

Anything not categorized above.
Post Reply
dslee
Posts: 2
Joined: Thu Jul 28, 2011 3:43 pm

SIP Password Hacking

Post by dslee »

Hi all,

I have a client with a 6x on 7.4.13.5 firmware. Their system had previously been on a WAN IP and they were subject to the 'extension' hack that occurred about a year ago. We upgraded their firmware and put it behind a SonicWALL.

Now we're having a different type of hack occur, which may or may not be related to the 6x.

Specifically, they have 2 ITSP accounts registered to the 6x, and both of these accounts were hacked in the last 2 weeks by an external SIP client connecting directly with the ITSP. Somehow they got the SIP password for the ITSP on these 2 separate accounts.

I have many clients on the same ITSP, and this is the only one that has been hacked in this way.

This leads me to believe that the client may have a local system on their LAN with a trojan of some sort that is sniffing their network. But even then, my belief is the SIP registration password between the 6x and the ITSP would not get broadcast on the local LAN, and as well, it would (should) be encrypted.

In any case, I'm looking for anyone who can speculate how the hacker managed to figure out the SIP password.

Is it possible for someone with the Allworx admin password to be able to see the SIP password? It is masked in the admin interface, so I think the answer is 'no'.

My assumption is any hack attempt must be from internal, as the admin interface is restricted through an ACL on the WAN, but the answer has not yet struck me.

Any thoughts?
---
Cheers,

David
ITGUYKEN
Posts: 1
Joined: Tue Jul 15, 2014 8:05 am

Re: SIP Password Hacking

Post by ITGUYKEN »

We have had quite a few of our customers systems get hacked the same way. i believe some hackers have written a script to look for certain open sip ports and uses brute force to crack the password. afterwords they login with a sip device and make free calls, well free for them but not for you
sipvine
Posts: 2
Joined: Tue Dec 30, 2014 12:02 pm

Re: SIP Password Hacking

Post by sipvine »

It's definitely tied to the local system on their LAN. Encryption frequently fails.

________________________________
http://www.sipvine.com/blog/bid/72993/Why-Hosted-VoIP-is-Right-for-Start-up-Businesses
Post Reply