VOIP/UC Network Botnet Scanning and Discovery based Attacks on the Rise
July 28, 2010
Posted by admin in: Redshift Networks, Security Threats, UC&C

Rich Unified Communications and Collaboration (UC&C) services are now being delivered across any device, in any place and at any time. With the rise of powerful new fixed and mobile endpoint technologies such as the iPad and Android or iPhone smartphones, customers are now embracing UC/VOIP services to a degree never possible before. As a result, VOIP/UC networks are also becoming more porous: the network perimeter, once confined and secured inside the DMZ, is now extended across multiple untrusted domains, geographies, users and endpoints. The traditional definition of the security perimeter is now broken.
In this posting, we talk about the rise of VOIP/UC network botnet scanning and discovery-based attacks. The specific attacks happened at one of the major VOIP providers, which makes them very interesting.

SIP provides the OPTIONS method, which allows a User Agent (UA) to query another UA or a proxy server as to its capabilities. This allows a client to discover information about the supported methods, content types, extensions, codecs, etc. without “ringing” the other party. All UAs MUST support the OPTIONS method.
Unfortunately, this also gives attackers a basis for probing the network and finding out more details about the internal VOIP/UC network topology, endpoints, server IPs, valid usernames or extensions, etc. The attacker studies the responses to SIP methods such as OPTIONS, REGISTER or INVITE to make some pretty good guesses at valid extensions, usernames, server IPs, etc. This is often a precursor to more sophisticated attacks such as toll fraud, eavesdropping, message stealing, stealth DoS attacks on specific user extensions, war dialing and SPAM attacks.
The scary part is that there are a lot of publicly available tools that can quickly brute-force and automate the generation of such requests and provide a list of valid usernames, extensions, user credentials, server names, IPs, etc. Preventing such attacks without employing a sophisticated, stateful UC protection device is very difficult. It is very hard to shield UC/VOIP services that by their very nature need to be exposed to a certain extent.
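One way to spot the probing described above from the defender's side, as an added example that is not part of the original post or of any Redshift Networks product: it counts how many distinct extensions each source IP targets with OPTIONS, REGISTER or INVITE inside a sliding time window. The log line format, the thresholds and the sample addresses are assumptions constructed for illustration, and the input is assumed to be in time order per source.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed): "<ISO time> <source IP> <SIP request line>"
LINE_RE = re.compile(
    r"^(\S+) (\S+) (OPTIONS|REGISTER|INVITE) "
    r"sips?:(?:([^@\s;]+)@)?[^\s;:]+\S* SIP/2\.0$")

def parse(line):
    """Return (time, src, method, user), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, method, user = m.groups()
    # A request URI with no user part (e.g. a keepalive to the proxy) maps to "".
    return datetime.fromisoformat(ts), src, method, user or ""

def find_scanners(lines, window=timedelta(seconds=60), max_targets=5):
    """Map each source that probed more than max_targets distinct users
    within the window to the highest distinct-user count observed."""
    recent = defaultdict(deque)  # src -> (time, user) pairs still in the window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        when, src, _method, user = rec
        q = recent[src]
        q.append((when, user))
        while when - q[0][0] > window:  # drop requests older than the window
            q.popleft()
        distinct = len({u for _, u in q})
        if distinct > max_targets:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

# Constructed sample: one source walking extensions 100-109 once per second,
# and one ordinary phone sending a keepalive and re-registering as 2001.
SAMPLE = [f"2010-07-24T10:00:{i:02d} 203.0.113.9 OPTIONS "
          f"sip:{100 + i}@pbx.example.test SIP/2.0" for i in range(10)]
SAMPLE.append("2010-07-24T10:00:05 198.51.100.20 OPTIONS sip:pbx.example.test SIP/2.0")
SAMPLE += [f"2010-07-24T10:0{i}:30 198.51.100.20 REGISTER "
           f"sip:2001@pbx.example.test SIP/2.0" for i in range(3)]

if __name__ == "__main__":
    for src, count in find_scanners(SAMPLE).items():
        print(f"{src} probed {count} distinct extensions within 60s")
```

The window and threshold need tuning per deployment: a trunk or SBC that legitimately relays requests for many users has to be allow-listed, and a slow scan spread over hours needs a longer window.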
Attacks are happening on our customers' networks
July 24, 2010
Posted by admin in: Redshift Networks, UC&C

We’ve been working very hard building our business with our products getting installed in different networks across the globe. We have started to see from our current deployments that attacks are happening in the Unified Communications and Collaboration realm. There is already a lot of news in the press and on the web about these attacks. We’re seeing our customers get attacked!!
Unfortunately, enterprises and carriers that have Unified Communication & Collaboration solutions and applications can’t detect these attacks. The current generation of security solutions is not adequate to provide protection against, or to trace, these new security threats.