
VOIP/UC Network Botnet Scanning and Discovery based Attacks on the Rise July 28, 2010

Posted by admin in: Redshift Networks, Security Threats, UC&C

Rich Unified Communications and Collaboration (UC&C) services are now being delivered across any device, in any place and at any time. With the rise of powerful new fixed and mobile endpoint technologies such as the iPad and Android or iPhone smartphones, customers are now embracing UC/VOIP services to an extent never possible before. As a result, VOIP/UC networks are also becoming more porous, as the network perimeter once confined and secured inside the DMZ is now extended across multiple untrusted domains, geographies, users and endpoints. The traditional definition of the security perimeter is now broken.

In this posting, we talk about VOIP/UC network botnet scanning and discovery based attacks being on the rise. The specific attacks happened at one of the major VOIP providers, which makes this very interesting. SIP provides the OPTIONS method, which allows a User Agent (UA) to query another UA or a proxy server as to its capabilities. This allows a client to discover information about the supported methods, content types, extensions, codecs, etc. without “ringing” the other party. All UAs MUST support the OPTIONS method.

Unfortunately, this also provides a base for attackers to probe the network and find out more details about the internal VOIP/UC network topology, endpoints, server IPs, valid usernames or extensions, etc. The attacker studies the responses to SIP methods such as OPTIONS, REGISTER or INVITE to make some pretty good guesses at valid extensions, usernames or server IPs. This is often a precursor to more sophisticated attacks such as toll fraud, eavesdropping, message stealing, stealth DoS attacks on specific user extensions, war dialing and SPAM attacks.

The scary part is that there are a lot of publicly available tools that can quickly brute force and automate the generation of such requests and provide a list of valid usernames, extensions, user credentials, server names, IPs, etc. Preventing such attacks without employing a sophisticated, stateful UC protection device is very difficult. It is very hard to shield UC/VOIP services that by their very nature need to be exposed to a certain extent.
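A detection sketch for the probing described above, added here as an example and not taken from the original post or any product: it flags a source that sends OPTIONS, REGISTER or INVITE requests toward many distinct users within a short window. The function names, thresholds, the `(timestamp, source_ip, raw_message)` capture format and the sample traffic are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

PROBE_METHODS = {"OPTIONS", "REGISTER", "INVITE"}   # methods named in the post
# The To header (or compact form "t") carries the user being probed; for
# REGISTER the Request-URI is only the registrar domain.
TO_HDR = re.compile(r"^(?:To|t)\s*:.*?sips?:([^@>;\s]+@)?([^>;\s]+)", re.I | re.M)

def probe_target(raw):
    """Return (method, 'user@host') for an OPTIONS/REGISTER/INVITE request, else None."""
    first = raw.split("\r\n", 1)[0].split()
    if len(first) != 3 or first[2] != "SIP/2.0" or first[0] not in PROBE_METHODS:
        return None                       # a response or another method
    m = TO_HDR.search(raw)
    if not m:
        return None
    return first[0], ((m.group(1) or "@") + m.group(2)).lower()

def find_scanners(events, window=60, max_targets=5):
    """events: (epoch_seconds, source_ip, raw_sip_message) tuples.
    Returns {source_ip: peak count of distinct targets inside any window}
    for sources whose peak exceeds max_targets (hypothetical thresholds)."""
    recent = defaultdict(deque)           # source -> (ts, target) inside the window
    peak = {}
    for ts, src, raw in sorted(events, key=lambda e: e[0]):
        hit = probe_target(raw)
        if hit is None:
            continue
        q = recent[src]
        q.append((ts, hit[1]))
        while q[0][0] <= ts - window:     # drop entries older than the window
            q.popleft()
        peak[src] = max(peak.get(src, 0), len({t for _, t in q}))
    return {s: n for s, n in peak.items() if n > max_targets}

def msg(method, user, host="pbx.example.com"):
    """Build a minimal constructed SIP request for the sample below."""
    uri = f"sip:{host}" if method == "REGISTER" else f"sip:{user}@{host}"
    return f"{method} {uri} SIP/2.0\r\nTo: <sip:{user}@{host}>\r\nCSeq: 1 {method}\r\n\r\n"

# Constructed sample: one source walks 20 extensions in 20 seconds, while a
# normal phone refreshes its own registration and places a single call.
SAMPLE = [(i, "203.0.113.50", msg("OPTIONS", 100 + i)) for i in range(20)]
SAMPLE += [(t, "198.51.100.7", msg("REGISTER", 2001)) for t in (0, 30, 60, 90)]
SAMPLE.append((45, "198.51.100.7", msg("INVITE", 2002)))

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

Counting distinct targets rather than raw request volume keeps a phone that re-registers its own extension from being flagged.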

Google your Unified Communications & Collaborations (UC&C) Infrastructure May 27, 2010

Posted by admin in: Redshift Networks, Security Threats

It’s surprising, and often easy to see, how widespread and far-reaching the internet is today. A long time ago, Johnny Long documented on the internet how one can use Google searches effectively to find relevant and confidential information.

There’s a lot of information on the network about this topic; surprisingly, using very simple scanning and discovery tools, one can find a lot of information about companies that should never be disclosed. Most often, this is due to poor security controls being placed on information disclosure.

Do you know what information is available on the internet about your UC&C infrastructure? Do you know if anybody can reconfigure your telephone from the internet?

So, I started googling the web in search of specific information about edi UC&C infrastructures using some standard keywords as listed below. The results are very alarming and show that several UC&C internal networks and systems are publicly visible on the internet with very few security controls. Typical results ranged from absolutely no security enforcement being in place to limited security that uses default vendor-published passwords that are easy for anyone to guess.