Please keep us informed. I wonder if VOIP that the cable companies offer is also open to hacking.

________________________________
From: Mike Copeland <[email protected]>
To: [email protected]
Sent: Wednesday, September 5, 2012 3:45 PM
Subject: Re: [NF] VOIP hacking

As it turns out, yes....surprise to me, too. From what I can tell, they resell the overseas LD calling to people at a discounted rate. While VOIP data might originate and travel as a string of data packets on our end (the source), eventually it will almost always have to exit the Internet and enter the POTS phone system...which is TOTALLY based on tariffs and fees, often distance based for billing.

One thing I've found out in the last 18 hours is that, in this situation, there is no router/NAT box between their VOIP hardware and the public WAN address. I have no idea whether that is a bad thing, but it sure seems like it would expose the hardware (and the software it is running) to probing and scanning for nothing more than saving a couple hundred bucks (at most.)

Mike

-------- Original Message --------
Subject: Re: [NF] VOIP hacking
From: Michael Madigan <[email protected]>
To: [email protected]
Date: 9/5/2012 2:39 PM

Do people actually bother hacking VOIP?

________________________________
From: Mike Copeland <[email protected]>
To: [email protected]
Sent: Wednesday, September 5, 2012 12:08 AM
Subject: Re: [NF] VOIP hacking

Logs on the Samsung VOIP box showed nada. Nothing but normal log traffic.

"hacked" meaning that at 1:40pm Saturday, the ISP contacted my client and said that they had detected very unusual long distance routing (I guess TFTP?...I'm out of my league here) and were disabling the circuit until the VOIP vendor had a chance to investigate. They shut it down pretty quickly, but the LD charges had already been run up to ~$250.

VOIP vendor claims he can not find ANY trace of hack. I'm wondering (again, out of my league) if this was simple packet spoofing and the problem is actually with the ISP?

Samsung VOIP box is fine. Shows no sign of any disturbance and works as it should.

I have several Linux boxes in the same building, that are not connected to the voice system (except that we share the same ISP service as the VOIP box, but on different IP addresses). I've seen nothing to indicate any kind of intrusion and I do run root-kit detectors on my Linux boxes regularly (like, daily.) The Linux boxes I manage provide Samba services, and SSH, but nothing is exposed to the outside world (WAN).

Mike

-------- Original Message --------
Subject: Re: [NF] VOIP hacking
From: M Jarvis <[email protected]>
To: [email protected]
Date: 9/4/2012 9:33 PM

On Tue, Sep 4, 2012 at 5:53 PM, Mike Copeland <[email protected]> wrote:
> I have a client that had their VOIP service hacked this past weekend.
> The VOIP vendor has been stymied as to how it happened and doesn't have
> any idea where to turn or what to do. The VOIP vendor is a small
> independent guy, like us, just trying to make a living.
>
> Does anyone have any resources...books, articles, website...to recommend
> on how to set up, check out, configure security on a VOIP configuration?
> He's using Samsung hardware which runs a flavor of Linux.
>
> Any advice appreciated.
>
> Mike Copeland

First - what do you mean by 'hacked'? Do you KNOW someone was in there, is the thing reformatted or something, or is the thing FUBAR and VOIP dude can't explain it so he thinks it must have been hacked?

Check the access logs on the machine/device that is the most forward facing port i.e. the access point. If you can narrow down the time of attack it will help sift through the volume of info in the logs. Ted can prolly tell you exactly the name of the file (it escapes me at the moment - been a while since I did Linux sys admin)...

The log will show you the (alleged) IP from the system that logged in (assuming that was the method of attack). You can then ping/tracert/whois the IP address for info, which may or may not be real or usable - but it's somewhere to start.

If they did damage you can contact the FBI but be warned they will seize the machine most likely and you may see it before the end of the century...

Check the logs and go from there...

