I got a call from SIPVicious last night

in technology •  4 years ago 

When I got up this morning my phone was ringing, I walked over to it and observed the caller ID. I had no idea what sipvicious was. I just stared at my phone groggy and waited for the voicemail to take it. But it never did. Usually after 15 seconds of ringing the call will goto the voicemail. But it just kept ringing for many minutes. Hours actually....

20200624-081433.jpg

I unplugged my phone to stop the ringing, maybe I should have picked it up and see what I could hear but not wanting to deal with BS in the morning I just unplugged it. And then researched what came up on the caller ID a little later.

20200624-114643.jpg

SIPVicious is an application that has been used in increasing reconnaissance attacks against IP and VoIP phones and PBX systems. It was originally used as an auditing tool for scanning phone systems.

https://tools.kali.org/sniffingspoofing/sipvicious

20200624-081403.jpg

I walked into the other room where I have a wireless phone handset paired with my VOIP phone. It was hot to the touch and nearly had a dead battery. My phone must have been ringing for many hours last night as we slept. Making the handset get hot and battery drained. Amazing no one in the house noticed.

Annotation-2020-06-24-131120.jpg

I contacted my voice provider and asked them how to handle this situation. They quickly got back to me stating if I changed my SIP source port it may stop such scan tools from probing my phone. So I went into my Panasonic web interface and found the field and changed it to a random port. I double checked the replacement port number is not used for something important, it was not.

Annotation-2020-06-24-132346.jpg

After this change I checked the voice providers interface and verified that my phone was still registered and indeed picked up the SIP port change. I took it a step further and replaced my SIP password with a strong generated one. I had no idea what I set it as years ago, and reading Sipvicious can attempt to brute force and dictionary attack SIP logins. I do not think that happened to me, but just in case I changed it and updated my records.

As far as I know this is the first attack on my phone since owning it and using 3rd party VOIP service for the last 3 years. Just a DDOS attack making my phone line busy, but now ive adjusted my SIP port it should not happen again so easily.

Annotation-2020-06-24-133914.jpg

Regardless of these strange issues I rarely encounter, I save alot of money every month running my own IP phone and using a third party SIP provider. Ive made about 3 and a half hours of calls this month (216 minutes) and it cost me a little over $3.30. If I used my internet providers phone service it would cost me upwards of $20-40 a month plus rental costs for their special voice modem (MTA). I have saved alot of money over the last few years running my own VOIP phones. Maybe ill take it to the next step one day running my own PBX, though for now I dont mind paying a few dollars to make hours of calls.


Addresses below to help me buy better camera equipment and support me to travel to locations to do photo and video and overall great blogs in new places.

CoinAddress
BTC:bc1qhfmvd2gywg4fvrgy2kkkkyqta0g86whkt7j8r7
LTC:ltc1qdyzm5cwgt8e2373prx67yye6y9ewk0l8jf3ys9
DASH:XkSqR5DxQL3wy4kNbjqDbgbMYNih3a7ZcM
ETH:0x045f409dAe14338669730078201888636B047DC3
DOGE:DSoekC21AKSZHAcV9vqR8yYefrh8XcX92Z
ZEN:znW9mh62WDSCeBXxnVLCETMx59Ho446HJgq

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

That's only a little scary...depending on the battery, that could have started a fire! Glad you guys are safe.

Yeah it was a little unsettling, and true.. glad I was home and able to turn it off.

thanks alot :-)

That must have been some scary moments for you. Have a great Sunday 😊

hah yeah but once I understood what was going on it was not so bad.

Great to hear that 😊 be safe and well always. Have a super Sunday.