Thread: Hacker attempts

  1. #31

    Thank you Vahan,

    No, I don't see 67.205.52.172 or any other IPs auto-entered by Epygi in "Blocked IP" list of Firewall (v.5.2.9)

    My "SIP IDS" is Enabled with Security Level set to "Medium".
    Should I increase Security Level to "High"?

    I have "SIP Access" enabled to Any IPs (for dynamic IP clients).
    Would this conflict with SIP IDS?

    I vote again for hostnames implementation in filter rules to allow roaming and dynamic IP clients (and deny everyone else)

    Thanks

  2. #32

    I got another attack.
    Log is flooded with 100s of messages like

    New Fri Jul 16 19:13:05 2010 3 SIP ip phone registration rejected IP phone user 434 [85.158.111.164:5078]: registration failed. Reason: No Such Line Configured. IP Lines Registration Status
    New Fri Jul 16 19:13:05 2010 3 SIP ip phone registration rejected IP phone user 433 [85.158.111.164:5078]: registration failed. Reason: No Such Line Configured. IP Lines Registration Status
    New Fri Jul 16 19:13:04 2010 3 SIP ip phone registration rejected IP phone user 432 [85.158.111.164:5078]: registration failed. Reason: No Such Line Configured. IP Lines Registration Status
    New Fri Jul 16 19:13:04 2010 3 SIP ip phone registration rejected IP phone user 431 [85.158.111.164:5078]: registration failed. Reason: No Such Line Configured. IP Lines Registration Status
    ....
    New Fri Jul 16 19:12:06 2010 3 SIP ip phone registration rejected IP phone user 249 [85.158.111.164:5078]: registration failed. Reason: No Such Line Configured. IP Lines Registration Status
    New Fri Jul 16 19:12:06 2010 3 SIP ip phone registration rejected IP phone user 248 [85.158.111.164:5078]: registration failed. Reason: No Such Line Configured. IP Lines Registration Status
    New Fri Jul 16 19:12:05 2010 3 SIP ip phone registration rejected IP phone user 247 [85.158.111.164:5078]: registration failed. Reason: No Such Line Configured. IP Lines Registration Status
    New Fri Jul 16 19:12:05 2010 3 SIP ip phone registration rejected IP phone user 246 [85.158.111.164:5078]: registration failed. Reason: No Such Line Configured. IP Lines Registration Status


    But I also see in the log

    New Fri Jul 16 19:12:51 2010 3 SIP blocked ip The IP 85.158.111.164 is added into Blocked IP list. Filtering Rules

    As well as in Blocked IP List:

    Enabled All Blocked 85.158.111.164 Blocked by SIP UA. Reason: No Such Line Configured. Date: 07/16/2010 19:11:31

    This is my first evidence that SIP IDS works.

    Interestingly, there is a one and 1/2 minute delay between the Block IP entry (19:11:31) and the last Registration attempt (19:13:05)
    Is this because of log delay or delay in Firewall?
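
Added example, not part of the original post or of Epygi's software: a Python triage script for the log format quoted in post #32. It groups rejected registrations by source IP, measures the extension sweep, and counts attempts logged after the earliest recorded block time; the regexes and report field names are assumptions derived from the quoted lines.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input rebuilt from the log lines quoted in post #32 (elided lines omitted).
_REJ = ("New Fri Jul 16 {t} 2010 3 SIP ip phone registration rejected IP phone user {u} "
        "[85.158.111.164:5078]: registration failed. Reason: No Such Line Configured. "
        "IP Lines Registration Status")
_SEEN = [("19:13:05", 434), ("19:13:05", 433), ("19:13:04", 432), ("19:13:04", 431),
         ("19:12:06", 249), ("19:12:06", 248), ("19:12:05", 247), ("19:12:05", 246)]
SAMPLE = "\n".join([_REJ.format(t=t, u=u) for t, u in _SEEN] + [
    "New Fri Jul 16 19:12:51 2010 3 SIP blocked ip The IP 85.158.111.164 is added "
    "into Blocked IP list. Filtering Rules",
    "Enabled All Blocked 85.158.111.164 Blocked by SIP UA. Reason: No Such Line "
    "Configured. Date: 07/16/2010 19:11:31"])

LOG_FMT = "%a %b %d %H:%M:%S %Y"
STAMP = r"(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) .*"
REJECT = re.compile(STAMP + r"registration rejected IP phone user (\d+) \[([\d.]+):\d+\]")
LOG_BLOCK = re.compile(STAMP + r"The IP ([\d.]+) is added into Blocked IP list")
LIST_BLOCK = re.compile(r"Blocked ([\d.]+) Blocked by SIP UA\..*Date: ([\d/]{10} [\d:]{8})")

def summarize(text):
    """Per source IP: attempts, extension sweep, attempts logged after the block."""
    hits, blocked = defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        if m := REJECT.search(line):
            hits[m[3]].append((datetime.strptime(m[1], LOG_FMT), int(m[2])))
        elif m := LOG_BLOCK.search(line):      # event-log entry for the block
            blocked[m[2]].append(datetime.strptime(m[1], LOG_FMT))
        elif m := LIST_BLOCK.search(line):     # Blocked IP List entry
            blocked[m[1]].append(datetime.strptime(m[2], "%m/%d/%Y %H:%M:%S"))
    report = {}
    for ip, seen in hits.items():
        times = sorted(t for t, _ in seen)
        exts = sorted({e for _, e in seen})
        run = best = 1  # longest run of consecutive extension numbers
        for a, b in zip(exts, exts[1:]):
            run = run + 1 if b == a + 1 else 1
            best = max(best, run)
        blk = min(blocked[ip], default=None)   # earliest recorded block time
        report[ip] = {"attempts": len(seen), "distinct_extensions": len(exts),
                      "longest_sequential_run": best, "blocked_at": blk,
                      "attempts_after_block": sum(t > blk for t in times) if blk else None,
                      "seconds_block_to_last": (times[-1] - blk).total_seconds() if blk else None}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the sample lines, the last rejected attempt is 94 seconds after the Blocked IP List timestamp, which is the gap the post asks about.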

  3. #33

    I remove all Epygi numbers from the rego (unless the client wants them, which in this case they didn't), on the bench and pre-program the system from an isolated laptop with no wireless and no net connection (and virus and trojan free) before I connect the unit to the net for the first time. I can positively guarantee that there were only the two isvp numbers registered from the unit.

  4. #34

    Originally posted by ddexxters75:
    I remove all Epygi numbers from the rego (unless the client wants them, which in this case they didn't), on the bench and pre-program the system from an isolated laptop with no wireless and no net connection (and virus and trojan free) before I connect the unit to the net for the first time. I can positively guarantee that there were only the two isvp numbers registered from the unit.
    __________________________________
    Is there an echo in here?

  5. #35

    Mike, I think we need to turn echo cancellation on. What do you think, mate?

    Kev

  6. #36

    lol
    Getting a bit like that, Kev!
    Cheers Mate,
    Mike

  7. #37

    Unauthorized SIP registration hack attacks are becoming worse every day.
    SIP IDS is not working well; it is not fast enough to block hundreds of near-simultaneous hack registration attempts from the same IP.

    PLEASE expedite implementation of "SIP Access" filter by hostnames to allow roaming and dynamic IP clients.

    Thanks,
    Alex


    New Thu Aug 12 09:19:15 2010 3 SIP ip phone registration rejected IP phone user 612 [200.52.114.67:52134]: registration failed. Reason: No Such Line Configured. IP Lines Registration Status
    New Thu Aug 12 09:19:15 2010 3 SIP ip phone registration rejected IP phone user 827 [200.52.114.67:52136]: registration failed. Reason: No Such Line Configured. IP Lines Registration Status
    New Thu Aug 12 09:19:15 2010 3 SIP ip phone registration rejected IP phone user 607 [200.52.114.67:52134]: registration failed. Reason: No Such Line Configured. IP Lines Registration Status
    ...............

  8. #38

    Hey Mate,
    If you have a dedicated internet connection for your Epygi system, you could always go to the firewall and block everything except for your ISVP. It works a treat as long as it's dedicated to the Epygi.
    Cheers

  9. #39

    Mike,
    I have roaming dynamic IP clients, so I cannot lock down because the current "SIP Access" filter is only by static IP.
    That's why I'm requesting an implementation of "SIP Access" filter by hostnames to allow for dyndns service.
    A few others requested it in this thread too.

    Alex

  10. #40

    Alex:

    We are working on your request. Thank you for the helpful suggestion.
