Best way to guard against SIP attacks

mmntech

My VOIP ATA has been getting hit with SIP attacks lately. Several a day now. Somehow they're getting into my home network and pinging it with phantom rings. Sometimes in the middle of the night.

I've gone into my router logs and have noticed the attacks are coming from several different IP addresses. Call display shows some of them coming from Sipvicious, a known SIP hacking tool. Must be script kids, because they're not covering their tracks very well. Right now they're just a nuisance, but I'm worried my service could get hacked to make expensive international calls.

My home router (Netgear WRN2000 v2) has only barebones security options. While it technically can run DD-WRT, it only supports older builds, which I've been unable to track down. So obviously I need some new equipment with beefier security features.

The question is, where do I go from there?

PliotronX

That's crazy, are they all trying to hit your port 5060/5061? Man, if I didn't have to work and had more free time, I'd set up a honeypot and mess with them.

Edit: I have read that changing ports around can help.

seepy83

I haven't done any work in this particular space, but I would assume that your VoIP ATA only needs to accept connections from a specific known IP/host (or possibly a set of IPs/hosts) owned by the company that provides your VoIP service? If that's true, it would be pretty straightforward to create a firewall that would only allow connections from the valid addresses, but maybe your router doesn't have those options.

inachu

I suspect something may be going on with my own SIP phone or it is going bad.
I guess 6 years is good for an OOMA box to live?

Maybe my own is under attack as well!

John Connor

I would throw Untangle on there. Get a decent router too, like an Asus RT N66U and flash with DD-WRT and then I think you can use some iptables in the commands under firewall.

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=171783&highlight=

https://www.untangle.com/

You could use the MAC address clone feature in your router and get a new IP address. In the MAC address clone feature, change the last three groups, save and reset the modem (not router) and you should have a new IP address. Changing ports for the VOIP could help too. I have a built-in SSH server in the router using DD-WRT and don't use port 22 and have IPtables protecting it.

http://www.dd-wrt.com/wiki/index.ph...Advanced_Method:_Protection_for_Any_Open_Port
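The provider allowlist that seepy83 and John Connor describe above, as an added example that is not part of the thread: a POSIX sh generator for iptables rules of the kind a DD-WRT firewall script can hold. The ATA address 192.168.1.50, the provider addresses and the chain name SIP_FILTER are constructed placeholders, and it assumes inbound SIP reaches the ATA through the router's FORWARD chain (for example via a forwarded port).

```shell
#!/bin/sh
# Added example: emit iptables commands that let only the VoIP provider's
# servers reach the ATA's SIP ports. Addresses are constructed placeholders;
# nothing changes until the reviewed output is piped to sh as root.

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: build_sip_rules ATA_LAN_IP PROVIDER_CIDR...
build_sip_rules() {
    valid_ipv4_cidr "$1" || { echo "bad ATA address: $1" >&2; return 1; }
    ata=$1; shift
    [ $# -gt 0 ] || { echo "no provider addresses given" >&2; return 1; }
    # Validate everything first so a typo never yields a half-built rule set.
    for src in "$@"; do
        valid_ipv4_cidr "$src" || { echo "bad provider address: $src" >&2; return 1; }
    done
    # Fill the chain before hooking it in, so no packet sees a partial list.
    echo "iptables -N SIP_FILTER"
    for src in "$@"; do
        echo "iptables -A SIP_FILTER -s $src -j ACCEPT"
    done
    echo "iptables -A SIP_FILTER -j DROP"
    # SIP signalling: 5060 over UDP and TCP, 5061 for SIP over TLS.
    for pp in "udp 5060" "tcp 5060" "tcp 5061"; do
        echo "iptables -I FORWARD -d $ata -p ${pp% *} --dport ${pp#* } -j SIP_FILTER"
    done
}

# Run as a script: sh sip_rules.sh 192.168.1.50 198.51.100.10 203.0.113.0/24
if [ $# -gt 0 ]; then build_sip_rules "$@"; fi
```

The real provider addresses have to come from the VoIP provider's own documentation; RTP media uses other ports and is not touched by these rules.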

mmntech

I did get DD-WRT installed on my router. I haven't received any of these annoying phantom rings since then. So perhaps the built-in firewall is keeping them out. At least for now.

Getting a better router is on my to-do list but low priority right now.