Defend Your Network against SIP Registration Attacks

June 2, 2010

A few cases of SIP dictionary attacks using the “friendly-scanner” have been reported recently. These appear to be active attempts to steal service.

We responded today to an attack on a nationwide Service Provider. They reported up to 69 REGISTERs per second originating from an IP address in Anhui province, China. 69 REGISTERs per second is roughly the equivalent load of 5,000 users.

Unfortunately for the victims, the “friendly scanner”, SIPVicious runs very hot and fast, apparently blasting out lots of requests without even waiting for earlier attempts to fail. The SIPVicious tool is focused on cracking SIP PBXs, and will be only so slightly less effective on Carrier VoIP systems.

The main reports of problems due to SIP Registration scanning are server overloads. But if the registration scanner users are smart, they’ll slow down their rates so they don’t alarm the parties being probed.

How do you defend against SIP Registration storms?

  1. For registering endpoints like SIP phones and IADs always use SIP authentication! use quality passwords.
  2. If you have a competent Session Border Controller like the Acme Packet OS-C system, you can blacklist devices after they fail a few REGISTER attempts.
  3. If you’re using non-registering SIP (such as SIP peerings for SIP Trunking), you should have a small number of SIP signaling IP addresses. Use firewall rules / or ACLs to block all SIP except for what comes from that small list.
  4. Use heavy-hitter detectors to spot SIP devices that are sending more-than-normal traffic loads, and alarm your staff.

Posted by lindsey | Filed Under News | 2 Comments 

Centennial de Puerto Rico Deploys Advanced CPE Management for Cisco/Linksys SIP Phones

October 14, 2009

Pompano Beach, Florida.Centennial de Puerto Rico, a leading VoIP Service Provider based in San Juan, Puerto Rico, has deployed an Advanced CPE (Customer Premise Equipment) Management System for Cisco/Linksys SPA Phones.  The System provides Industry-Leading Security, Manageability, and Reliability.

The new CPE Management System is integrated with BroadSoft’s BroadWorks system, the industry-leading softswitch for Commercial VoIP Carriers. Features of the new system include:

  • Zero-Touch Maintenance: Centennial’s Customers and Provisioning Team can enjoy new features, line moves, adds, and deletes that are automatically propagated to the CPE.
  • BroadWorks Integration: The CPE Management system is fully integrated with BroadSoft BroadWorks, supporting all advanced hosted IP PBX features.
  • SSL Verification: Centennial’s Cisco/Linksys SPA phones will refuse to communicate with unsigned CPE Management Servers. This provides defense for Centennial’s customers against man-in-the-middle and DNS hijacking attacks.
  • Configuration Signing/Encryption: Centennial’s Cisco/Linksys SPA phones are pre-programmed with Centennial credentials. This prevents a customer or Man-In-The-Middle from recovering key system signaling and management details. Attackers cannot redirect Centennial’s phones to another system.
  • Fault Tolerance: Centennial’s system maintains multiple copies of each configuration, on separate servers, to protect against server or network fault.
  • Traffic Engineering: The new system supports traffic engineering, allowing Centennial to intelligently route customer SIP traffic to backup data centers.
  • VLAN Management: Customer devices can be configured to use a Voice VLAN using 802.1q tagging. This can be managed through BroadWorks directly.
  • Advanced Troubleshooting: Centennial’s customer devices report on network issues before they become problems. These data are transmitted to a central logging server, where they can be analyzed by Centennial operations staff.

Centennial PR Customer Technology Integration (CTI) Engineers Fernando Jorge and Alberto Leo were principle technicians on the project.

ECG, Inc. developed and implemented the system for Centennial PR. ECG Engineers Mark Lindsey and Jonathan Stanley worked with Centennial through the design and specification process, then implemented custom software and systems.

Posted by lindsey | Filed Under News | 1 Comment 

Phase I testing of PSTN2 SIP Peering platform completed

August 11, 2009

ECG, a Georgia-based firm specializing in advanced packet voice networks, working with Stage2Networks, from New York City, and VWave Communications, also a Georgia company, have completed phase I proof of concept testing for the first advanced service SIP services peering platform or PSTN2.

The tested design allows customers of each service provider to take full advantage of the breadth of CODECs and services the SIP feature servers and endpoints provide including HD voice and SIP-based video.

Posted by jpuckett | Filed Under News | Leave a Comment 

ECG Completes Major BroadWorks Upgrade at Centennial Puerto Rico

July 22, 2009

This week, ECG completed a major upgrade of the VoIP Call Control platform at Centennial de Puerto Rico. Centennial provides VoIP, traditional (5ESS) and Wireless (PCS/CDMA) telephony services to customers and resellers in Puerto Rico. The VoIP platform is built on BroadWorks.

Centennial PR upgraded from BroadWorks Release 14sp3 to Release 14sp9. The coordination of the upgrade is complex with numerous interconnected components:

  • The Nortel Communication Server 2000 provides SS7 PSTN access for BroadWorks.
  • The Convergy’s Ceon platform is integrated with BroadWorks for provisioning.
  • The Acme Packet SD provides security and session management features both for Hosted PBX VoIP and for IP Trunking to several carriers.
  • Centennial’s CONUS-based Billing Department receives CDRs from six different BroadWorks application servers.
  • Many tens-of-thousands Scientific Atlanta MGCP/NCS eMTAs are integrated with BroadWorks
  • The mPathix voicemail system is integrated with BroadWorks.
  • VoIP Customer Premise equipment from Cisco, Adtran, Linksys, Polycom, and Digium/Asterisk are used in numerous configurations.

“The BroadWorks software activation is the simple part,” according to project engineer Mark Lindsey. “The complexity comes in verifying the software will work with all of the integrated components.” The upgrade from BroadWorks R14sp3 to R14sp9 involves several hundred individual changes. ECG analyzed each change to ensure it would not create a problem in Centennial’s specific network, and designed and conducted regression tests to be used in the system upgrade.

Posted by admin | Filed Under News | Leave a Comment 

ECG Integrates BroadWorks Voicemail with Surgemail

July 22, 2009

Under a contract starting this month, ECG will design and deploy a custom provisioning integration between SurgeMail and the BroadSoft BroadWorks voicemail platform. This is designed to let large-scale carriers use SurgeMail as a BroadWorks voicemail store while removing the manual provisioning steps.

ECG has extensive software integration experience with the BroadSoft BroadWorks platform, including integration with OCI-P for provisioning and feature management, as well as OCI-C for call control. The Attaché Call Control tool for Mac OS X is a working example of both of these interfaces.

Posted by admin | Filed Under News | Leave a Comment 

ECG Accelerates VoIP Deployment at Hawaii Telecom

July 22, 2009

ECG has been selected by Hawaii Telecom for planning, design, and implementation of the new carrier VoIP network. This is ECG’s second major VoIP deployment project for a carrier on the  Hawaiian Islands.

The project is managed and executed by ECG’s founders, James G. Puckett and W. Joe  Demmons.

Posted by admin | Filed Under News | Leave a Comment 

Attache: BroadWorks Power, now on Mac

Native BroadWorks Toolbar Application for Apple Leopard and Snow Leopard

Latest Blog Posts