eNews Archive

Brekeke Software Security Advisory: Protect your SIP system from SIP Attack

Published: December 21, 2010

Recently, there have been increased reports of VoIP/SIP attacks and other fraudulent activities. The typical attack tries to make a large number of registrations (10,000 or more) on your server, either resulting in taking down your server with excessive traffic or finding a way to use your server to make free calls. 

To avoid these malicious attacks, we recommend the following security measures for your SIP environments that use Brekeke products:

– Update Brekeke products to the latest version available. Download updates from: 
http://www.brekeke.com/download/download_list.php

– Follow the instructions in section 8 (Security) of the Brekeke SIP Server Administrator’s Guide:
http://www.brekeke-sip.com/download/bss/v2_x/bss_admin_en.pdf

– Create a strong password (at least six characters including a combination of upper/lower-case letters and numbers).

– Choose a strong and unique user name.

– Delete all unnecessary/inactive users (extensions, registered users, etc.).

– Use the Address Filtering feature, referring to the wiki topic below for configuration details:
http://wiki.brekeke.com/wiki/Avoid-attacks

– Use a firewall in front of Brekeke SIP Server/Brekeke PBX to block unknown remote IP addresses.

– Add a dial plan to reject SIP attacks, using the following wiki topic as a guide: 
http://wiki.brekeke.com/wiki/Avoid-attacks

– If possible, choose a unique prefix number for PSTN (analog) lines.

Here are some additional resources for protecting your SIP system from attacks: 
http://wiki.brekeke.com/wiki/Security
http://wiki.brekeke.com/wiki/Avoid-attacks
http://wiki.brekeke.com/wiki/Connect-to-the-BSS-Admintool-with-SSL

[Privacy Statement] At Brekeke Software, we recognize that your privacy is very important, which is why we will never share your e-mail address with anyone. Read more about Brekeke’s Privacy Policy at http://www.brekeke.com/company/company_privacy.php.

Copyright © 2010 Brekeke Software, Inc. All rights reserved.

Yes No
Suggest Edit