
In Australia, Rising VoIP Attacks Mean Huge Bills For Victims

timothy posted more than 3 years ago | from the that's-off-the-hook dept.

Communications 178

mask.of.sanity writes with this excerpt from ZDNet Australia: "Australian network companies have told of clients receiving phone bills including $100,000 worth of unauthorised calls placed over compromised VoIP servers. Smaller attacks have netted criminals tens of thousands of dollars worth of calls. A Perth business was hit with a $120,000 bill after hackers exploited its VoIP server to place some 11,000 calls over 46 hours last year. ... Local network providers and the SANS Institute have reported recent spikes in Session Initiation Protocol (SIP) scanning — a process to identify poorly configured VoIP systems — and brute-force attacks against publicly-accessible SIP systems, notably on UDP port 5060."


The REAL crime here (5, Insightful)

erroneus (253617) | more than 3 years ago | (#33855160)

It isn't the people hacking into systems they aren't authorized to, it's the price and value of phone calls. In this day and age, we still have "long distance charges" and all that? Really? I can reach web pages hosted all over the globe but I can't make a phone call? It's not the technology, it's the abusive business models. Phone calls should be as free as the internet.

Re:The REAL crime here (4, Insightful)

Duradin (1261418) | more than 3 years ago | (#33855228)

And that website on the other side of the world totally has the same level of Quality of Service as a phone call.

People put up with crappy cell phone calls, d ppin ev ry ther s lla le, but complain to high hell when there's the least bit of echo or static on a (non-VoIP) land line.

Re:The REAL crime here (3, Insightful)

Angst Badger (8636) | more than 3 years ago | (#33855668)

And that website on the other side of the world totally has the same level of Quality of Service as a phone call. People put up with crappy cell phone calls, d ppin ev ry ther s lla le, but complain to high hell when there's the least bit of echo or static on a (non-VoIP) land line.

Funny, but that website on the other side of the world comes through perfectly without any data corruption or loss of quality even when I'm downloading tens or hundreds of megabytes of data more than I'd be receiving through a several hour long phone call. Hell, I can stream HD video just fine most of the time, but I can't get better than 3.3 kHz on a voice call -- by design.

If voice telephone service sucked as bad as the channel I get to someone's cheap personal website, it would be a vast improvement.

Re:The REAL crime here (4, Insightful)

GigsVT (208848) | more than 3 years ago | (#33855698)

A web site doesn't have any particular latency requirements, other than 1 second or so.

Browsing the web on a geostationary satellite connection is OK. A phone call on one is pretty crappy.

This doesn't refute the original poster, but it's not as simple as you make out either.

Re:The REAL crime here (2, Interesting)

AK Marc (707885) | more than 3 years ago | (#33855780)

A phone call over satellite is just fine. In Alaska, that's about all you get in most areas. Browsing the web doesn't work that great. The non-local DNS servers take a few seconds to respond, often resulting in a timeout for the first click so you have to refresh every new page. And the TCP limit causes downloads to be slow.

But a good fix would be to have higher bandwidth calls that include FEC so that a lost or late packet could be reconstructed. That would greatly improve call quality in jittery/lossy environments. But that's a whole new set of standards, and even though a common sense combination of two related technologies used for 20+ years, someone would patent it and start charging everyone for it the moment it gets brought up. But it would help on long fat pipe situations, like satellite and across the world (not as long, but often more jitter).


Re:The REAL crime here (3, Interesting)

smash (1351) | more than 3 years ago | (#33856616)

Reconstructing / resending packets on a VOIP call doesn't help, as it is too late. VOIP needs decent prioritised QOS to work. If you get bits of audio out of order or dropped, retransmits can't help you as it's too late by that point (the listener didn't get the audio in time - they hear a bit of silence in the audio).

The only real way of making it work is ensuring VOIP traffic is prioritised so that it doesn't get dropped in the first place. Hence different cost/QOS rules to other generic data that is extremely tolerant of out of order packets and delays.

Unlike streaming audio / video from youtube or whatever, you can't simply buffer 30 sec of audio to work around this, as two-way conversations are real time...

Re:The REAL crime here (0)

Anonymous Coward | more than 3 years ago | (#33856876)

"Unlike streaming audio / video from youtube or whatever, you can't simply buffer 30 sec of audio to work around this, as two-way conversations are real time..."

So go back to the old Ham Radio protocol. One party talks while the other listens. The talking party then says "Over" and the direction is turned around. If the connection is done via TCP/IP as opposed to UDP, the packets are delivered in the CORRECT order. All that is needed is a PRESS to TALK switch on the HANDSET to turn the connection around.

Re:The REAL crime here (4, Interesting)

mcrbids (148650) | more than 3 years ago | (#33856888)

Browsing the web on a geostationary satellite connection is OK. A phone call on one is pretty crappy.

I called my daughter who was a foreign exchange student in Germany. We talked for several hours. I did my research, I was signed up for a plan at $0.05/minute. AT&T (with whom I now refuse to transact) charged me almost $4.00 per minute. I spent hours going through their "customer support" speaking to numerous people with names like "Michael" and "Robert" who had strangely Indian accents. See, it turns out that it's CHEAPER to route my call to INDIA and save perhaps $3 of the $6 PER HOUR to have an Indian take that call than an American. Which means that, at maximum, the cost of getting my call to India is actually costing them, at most, $3 per hour. This number matches quite closely to the $0.05 per minute I expected to pay, which works out to $3/hour. This seems to support your point, doesn't it?

But on the flip side, after getting the almost $1,000 phone bill, I went to my cell phone provider (much love for Metro PCS! [metropcs.com] ) and got an unlimited international calling (to most first world countries) for just $5/month! We spent the rest of the year my daughter was in Germany blabbing away monthly on my wife's cell phone, with decent call quality and NO HIDDEN COSTS for just $5.

So what's the actual cost of an International call? Certainly, AT&T has a very expensive way to do it, Metro-PCS [metropcs.com] can do a good job of it for prices too cheap to meter!

PS: I have no affiliation with MetroPCS other than being a satisfied customer. Don't expect super-friendly, great tech support from them, they are a discount cellular service provider. But their stuff works, it's cheap, and I'm happy. =)

Re:The REAL crime here (2, Funny)

mcrbids (148650) | more than 3 years ago | (#33856910)

PPS: AT&T waived almost all of that $1,000 when I tried to cancel my account with them. After they did so, I waited a month before canceling service. They overcharged me $20 on my very next bill!

Friends don't let friends use AT&T!

Re:The REAL crime here (2, Insightful)

bemymonkey (1244086) | more than 3 years ago | (#33856772)

Most of the audio issues with VoIP calls end up being caused by end-user misconfiguration (hardware or software).

Unlike a regular phone connection, you have to deal with a bunch of end-user variables: Different mics and speakers, people sitting 3 feet away from their mics, people trying to use the crappy speakers on their laptop as a speakerphone without any echo- and/or feedback-cancellation other than what's built into the VoIP software (probably even on the server end).

Just try comparing Skype with laptop mics and the built in speakers to Skype with decent headsets. It's a world of difference...

I've actually been using SIPDroid on Android lately, and it's fantastic. Extremely reliable on both WiFi and 3G (usable on Edge, but the latency is noticeable), with crystal clear quality. Sounds as good as any landline I've ever used... :)

Re:The REAL crime here (4, Insightful)

v1 (525388) | more than 3 years ago | (#33855230)

Well, maybe not that free, but they certainly do run a racket. It's basically an international Collusion [wikipedia.org] or Price Fixing [wikipedia.org].

Basically the long distance phone racket is a global Price Fix. Though they don't have any way to combat voip and the increasing options such as skype and telephones tied to cable modems. (we have those here in town... one cable modem provides your house with cable tv, internet, and phone service) Though the phone service I think is still using traditional long distance, but that may change. I suppose it's possible they're working hard behind the scenes to try to keep such digital phone service reliant on their "land lines", even though the calls would be going over the same fibers either way. Kinda funny how the same bits are being priced vastly differently, isn't it?

I can sell you this nail for two cents. Or would you prefer one of my high-tensile-strength wood adhesion devices for a quarter?

Re:The REAL crime here (0, Flamebait)

man_of_mr_e (217855) | more than 3 years ago | (#33856490)

Seriously? You had to link to the wikipedia entries for Collusion and Price fixing? Like people that visit slashdot are so illiterate that they don't know the meaning of these basic terms and their ramifications?

Condescending much?

Re:The REAL crime here (4, Interesting)

postbigbang (761081) | more than 3 years ago | (#33855288)

Point to point personal VoIP can be pretty free.

But then there's the cost of the Internet connection. There's a capex cost of the home router you use, and the cost of the power it uses as well as your 'phone' device, whatever that might be.

The ISP then has a last mile capital cost, to run a cable to your place or deliver a wireless signal that you can use.

Then there's the interconnect equipment that's used on the backhaul, landline gateway interconnect costs (capex and opex), the rent for the building, the power, the people, their benefits, the diesel generator if you're lucky. Then there are the returns paid to the people that invested in all of that; taxpayers in some realms, stockholders in others.

Then there are the costs associated with upstream routing. Maybe there's a SIP server with its incumbent costs, support, programmers, power, and so on.

The Internet isn't free. Phone costs aren't free. Each has a cost.

But what happened in the TFA is that people exploited SIP security and found a way to make people's toll avoidance become a nightmare for them. Not free. Not at all.

Re:The REAL crime here (5, Interesting)

erroneus (253617) | more than 3 years ago | (#33855386)

Did you forget to mention that the exact same networks that are used to route phone calls are the exact same networks that are used to route internet traffic?

You can dress up the costs of this that and the other and make a "phone bill" look quite justified, but if those costs were really justified, then the cost of access to the internet would be simply astronomical. It isn't.

Telco profits are higher than ever before and they are, of course, enjoying it. They aren't resting, though... oh no... they are still looking for new and novel ways to screw customers over. As for me? I'm way too savvy to play their game. Sadly, I am among the 0.001% who are... so everyone else gets hosed.

I recall when voice communications over the internet was young. The telcos were suing everyone who tried it just as the music companies were suing everyone who wrote MP3 software. Well that didn't last long, but the games are all being played just the same.

So what have we learned? Don't pay for crap you don't have to. Diamonds are worthless. Don't believe me? Try reselling one. New cars are over-priced. Same deal as diamonds only not as profound. Credit cards and credit scores? Debt-financed lifestyle might feel rich, but you aren't saving your money any more and neither is the majority of Americans. Credit scores depend almost entirely on your ability to maintain debt. You could be a billionaire and have a horrible credit score because you pay for everything in cash. Huge misrepresentation in all of that. Long distance phone service? Set up your own network and run your own VoIP -- it's cheaper in the long run. Hell, even now, my company here in the U.S. communicates regularly over voice AND video with our parent company in Japan. We only pay for the network connection and it goes over the internet.

The reality is that people are too lazy to learn the truth and act on it to change. In the short term, it's great to be smarter than everyone else, but when things go bad, it doesn't matter -- the whole world comes down at once.

Re:The REAL crime here (3, Interesting)

Pharmboy (216950) | more than 3 years ago | (#33855664)

I agree with your logic, but understand that many people ARE dropping the traditional phone companies. I haven't had a land line in a few years, and just switched my office from POTS to Time Warner Biz Cable. Dropping two T1s for data and 12 phones, and picking up two 5/1.5 data lines and 12 phone lines with UNLIMITED nationwide LD (and very low overseas rates) will save our small company $30,000+ this year, and our bill will be the same every month (excepting a small amount of European calls). A direct quote: POTS = $50 line + $15 for rollover service + usage. TWC costs $39.99 including rollover and LD. We switched a month ago. Our system was down for 10 minutes during the change, and has worked flawlessly ever since.

Half the people I know (mainly younger) don't have land lines. Mainly small businesses are changing to cable solutions (ours was said to be one of the larger ones). The traditional phone companies are soon to be hurting, give it 2 or 3 years. This is why they are making hay while they can, and expanding into other markets.

Re:The REAL crime here (1)

AliasMarlowe (1042386) | more than 3 years ago | (#33857016)

Half the people I know (mainly younger) don't have land lines.

Not just young people. We stopped having a land line about 8 years ago - cell phone service became so cheap. Everyone in the family has their own cellphone (cost each: euro0.67 per month, euro0.07 per minute/SMS http://www.dna.fi/en/privatecustomers/mobilecommunication/Subscriptions/Sivut/dnaOnni.aspx [www.dna.fi] ). My teenage daughter's phone service was recently upgraded to have 384kbps data (cost: euro2.95 per month, no capacity limit, http://www.dna.fi/webshop/Sivut/Default.aspx [www.dna.fi] ). The combined monthly bill for the 4 phones rarely exceeds euro12, unless one of us is travelling abroad.

When our company moved office a few years ago, we also abandoned fixed telephone lines for several hundred employees. Everyone already had a company cellphone, so it was a clearly avoidable cost in furnishing the new offices. Now just reception and a few FAX machines have land lines.

Diamonds... (1)

antdude (79039) | more than 3 years ago | (#33855674)

That is not what she said for "diamonds are worthless" comment. :P

Re:The REAL crime here (0)

Anonymous Coward | more than 3 years ago | (#33855754)

you know you could consult out these services and make a killing right?

Re:The REAL crime here (1)

RajivSLK (398494) | more than 3 years ago | (#33855898)

You are correct about credit scores. If you have money and don't use credit you don't have a credit rating. But guess what? It doesn't really matter. If you need to finance something simply prepare something called a net worth statement where you list all of your assets. Then go to the bank and they will happily give you a loan. Credit ratings are for people with little or no net worth.

It makes sense. How else do you, as a bank, tell two people both living pay check to pay check apart? One could have a much higher chance of repaying the loan. However, the guy with a high net worth with no credit can be judged to have a high repayment chance by virtue of the fact that he is loaded.

The REAL connection here (0)

Anonymous Coward | more than 3 years ago | (#33856364)

Did you forget to mention that the exact same networks that are used to route phone calls are the exact same networks that are used to route internet traffic?

SONET [wikipedia.org]

Re:The REAL crime here (1)

sjames (1099) | more than 3 years ago | (#33855592)

That doesn't come anywhere near explaining it though. If I and someone else have an internet connection, we can talk 24/7 for less than $50/month flat rate each (with plenty of bandwidth left over for other internet uses). The protocols for VoIP are so baroque specifically so they match up with SS7 (spoken by the old POTS network). The only reason they haven't tied the two to make POTS just as cheap is that they don't want to.

To add to it, MANY of the internet connections are actually nailed up digital voice lines adapted to carry IP traffic and yet it's STILL cheaper than a phone call.

Re:The REAL crime here (3, Interesting)

postbigbang (761081) | more than 3 years ago | (#33855642)

True. This is because traditionally, voice and data were two separately tariffed ideas. Landline equipment can be tip/ring or can be DSL VoIP.... or a cable VoIP-- depending on what state and which part of the world you're in.

QoS and low latency to support voice are a bit different when you use bi-directional telephony on top of data lines. I'm not trying to justify what PTTs and telcos charge here. But voice telephony is different than data telephony and VoIP is different still. Personally, I prefer Skype. But Business Skype is an oxymoron. Those in the business VoIP business range from reasonable to totally sucks. The "free" part of the OP's message is what I have issue with. Data is asynchronous, and voice is isochronous and the two take different equipment and have different historical infrastructure. When voice is data and actually rides over wires in bit frames, it may or may not be part of IP protocols. If it rides over IP as isochronous media, then call quality depends on deterministic routing as well as low fundamental line latency.

If you use SIP or ENUM/ENUM2, then the additional problems of gateway protection is important and costs money. Don't pay the money or let a fool guard it, and you get $100K surprises.

Re:The REAL crime here (3, Interesting)

EdIII (1114411) | more than 3 years ago | (#33857032)

If you use SIP or ENUM/ENUM2, then the additional problems of gateway protection is important and costs money. Don't pay the money or let a fool guard it, and you get $100K surprises.

You just can't overstate that last part.

A *huge* amount of VOIP fraud and hacking is against Asterisk based systems.

Nearly all of the stories I hear are about Asterisk based systems that had their SIP port opened up to the Internet. A lot of those involve Trixbox. Trixbox, is by and large, just like slathering a nice thick layer of stupid and apathy on top of an otherwise really solid system. Please, I am not trolling here. I am no fan of Trixbox, due to how impossible it is to manage or get anything done. It's a really pretty front end for Asterisk, and that is about it. Which is why it is so damned dangerous.

The problem is how many people are getting really interested in VOIP, but don't have the expertise, training, or initiative to do it correctly. From enthusiasts, to IT departments pressured to cut costs with, "with that whole VOIP thingy I read in a business magazine" from their pointy-haired-bosses, VOIP is getting really hot for a lot of people. VOIP providers are plentiful now and pretty darned easy to setup. Most of the ones I have evaluated ALL have tutorials for setting them up on Asterisk and Trixbox.

Biggest problem with Trixbox? People go for the free and are not paying the money for the Trixbox support contracts or the professional offerings. To be fair, it is not just Trixbox either... Stuff like PBX in a Flash is just as problematic.

What we have is a large number of people that are using Asterisk based systems (there are not a whole lot of other options out there. YATE is the only one I know of, and the others are based on Asterisk) not being managed correctly.

When you don't understand the dialplan, concepts behind a dialplan, extensions, SIP security, media, etc. you set yourself up for a situation very similar to a router with a default password or an email server set up as an open mail relay.

For me personally, I found Trixbox, PiaF, and others to just not work, and be nearly impossible to configure or customize to do what I wanted to do. As a result, I threw myself into learning as much as possible and started from scratch with a bare metal Asterisk with no configuration files. It took awhile, and I had the Asterisk Bible on me too, but I learned. I think I am in a much better position for it too. Would not call myself an expert yet, but I am not an amateur either.

90% of this fraud would go away if the people using Asterisk/Trixbox would follow some very basic rules and configure their systems correctly from the start. I have received at least a million attacks on my PBX systems in the last 3-4 months and they never succeed. Mostly because I researched and read about the best ways to defend against it....

Surprise... by not running a default system open to the internet. Shocking...

It's really just like you said. Pay the money and don't put somebody inexperienced in a position of responsibility over the VOIP. Unfortunately, when you screw up with VOIP it can be very expensive since they can rack your bills up *really* fast.

Re:The REAL crime here (1)

KDR_11k (778916) | more than 3 years ago | (#33856798)

To be fair, most landlines these days come with cheap flatrates too, you only pay for calling other networks or countries (the telco probably has to pay an extra charge for those).

Re:The REAL crime here (0)

Anonymous Coward | more than 3 years ago | (#33855404)

Phone calls should be as free as the internet.

You can have free calls. See article.

Re:The REAL crime here (0)

Anonymous Coward | more than 3 years ago | (#33855470)

It's not the technology, it's the abusive business models.

It's amazing how people whine about X but then CONTINUE TO VOLUNTARILY PAY FOR X. If you don't like it, don't buy it or quit whining. The choice is yours.

Re:The REAL crime here (-1, Troll)

erroneus (253617) | more than 3 years ago | (#33855568)

You fail to see the larger picture beyond the individual. What affects one affects others. What affects the masses will affect individuals.

Take obesity and obesity related health problems. Fat people say, "Why can't you just let fat people be fat in peace?!" We can if fat people with their fat health problems didn't demand "fair treatment" by air liners and all others. We can if we can exclude their fat health problems from health care programs so that the insurance companies wouldn't charge the healthy people higher rates justified by the costs of maintaining their conditions. The fact is, fat people are at least an inconvenience and are generally a burden on society at large.

And let's look at spam. I don't buy crap from spammers and I'm sure no one else here does either. So why is it flooding and polluting the internet? Why are security issues constantly being exploited so that more spam can flow? Is it because a tiny fraction of people are actually buying their crap? Yes!! Why can't people buy crap from spammers and be left in peace? Because their behavior results in a world of hell that costs the rest of the world billions in costs related to computer security, man-hours, lost productivity, lost business data and on and on and on... and it all starts with people buying through spam which are a TINY minority of people.

Stop thinking the way you do now and see the world for how we all interact and affect one another and you will begin to see the nature of the problems we all face. I can do what's right for me, but it won't save me.

Re:The REAL crime here (1, Troll)

GigsVT (208848) | more than 3 years ago | (#33855720)

Your two examples are completely different.

Obesity only costs other people money because of collectivistic programs. Get rid of the collectivism and you get rid of the problem, and people are free to make their own choices.

Spam, on the other hand, is a criminal endeavor, a theft of resources. That's a completely different matter.

One is a symptom of freedom being incompatible with collectivism, the other is criminals taking what isn't theirs.

Re:The REAL crime here (1)

erroneus (253617) | more than 3 years ago | (#33855756)

The point of spam is that it STARTS and continues because there is money in it. Money spent by stupid, desperate people. A tremendous minority of people at that. Without their existence, the marketplace for spam and all the criminal acts connected with it wouldn't exist in the same way or in the same volume. Sure there would be hacking for fun. There would be hacking for espionage. But at the moment, most of it is for profit and the profit is primarily through sales generated through spam advertising. My intended example was to show how the very few foolish people who buy through spam advertisement have managed to encourage a global problem. We all know this story though. I would be a little surprised to learn that you didn't realize that the fraction of a percentage of people respond to spam and that's all it takes to keep that market moving and viable.

Re:The REAL crime here (3, Insightful)

GigsVT (208848) | more than 3 years ago | (#33855778)

Of course I realize that. But it's tilting at windmills to wish that there were no suckers in the world.

It's easier to catch the criminals than to get rid of (or educate) all the suckers. No matter how much you educate them, they'll keep thinking that "this one is different" or that they know better than everyone else.

Re:The REAL crime here (0)

Anonymous Coward | more than 3 years ago | (#33856644)

Yes, those stupid collectivist programs that allow us to all pay a reasonable amount for protection against catastrophic happenings for a minority of people. It's horrible I tell you. Cancer patients and people mangled in car wrecks should totally pay their own way. Lazy asses.

Re:The REAL crime here (2, Insightful)

hairyfeet (841228) | more than 3 years ago | (#33855828)

I'm sorry, but I gotta call bullshit. I'm a smoker, and I'd be MORE than happy to sign a "contract with America" that says in return for NO TAXES on my cigarettes the ONLY treatment I'll be given for a smoking related disease if I get one will be generic morphine which I'LL PAY FOR. Propose THAT to your local congressman and see how far it goes. I'd also look into how much of that tobacco settlement money actually went into treating smokers. My guess? Pretty damned little.

As we have seen with the IOUs that are our social security ponzi scheme if you give a politician money THEY WILL SPEND IT full stop. Don't think for a New York minute that a "fat tax" will actually be used to pay for fat people any more than the smoking tax was socked away to pay for ailing smokers. I'm sure I'm not the only one who would be happy to tell them where they can stick their substandard "nanny care" and actually keep our money to pay for ourselves, but we don't get a choice and time and time again the government has shown anything you can do yourself they can do with massive amounts of waste, kickbacks, and 40 levels of bureaucracy.

As for TFA? Phone lines are going the way of the 8 track. You know it, I know it, the telcos know it. Therefore they are gonna gouge like mad for every dime they can. Hell nobody I can think of, even my 70 year old mom, uses POTS anymore, thanks to their refusing to get with the times. Yeah I'm sure that if the world switched to VoIP there would be some dropped frames, and you know what? We wouldn't care because it ain't costing us $$ a minute. I've been on VoIP through my cableco going on 3 years and can't imagine ever going back. Sure I get the occasional bit o' static or glitch when I'm also slamming my network, but my GF lives 2 hours away and on POTS a 2 hour call was simply insane without signing for some stupid plan. Now I can talk as long as I want and never even think about it, as anything on the North American continent is included in my $35. The phone companies are gonna gouge every bit they can from long distance because they know their time is nearly up, same way you should see the contracts they offer new bands now. You have never seen anything so blatantly one sided before in your life, but they know they are nearly out of time and are gonna snatch as much IP as humanly possible to coast on their back catalogs. Pure greed my friends, pure greed.

Re:The REAL crime here (0)

Anonymous Coward | more than 3 years ago | (#33855540)

It's script kiddies. I run several Asterisk VOIP servers and daily we receive scripts that rotate extensions and passwords trying to find a registration they can use to gain access and make calls. We installed fail2ban and tweaked it, done.
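
Added example (not part of the comment above, and not fail2ban's own code): a simplified stand-in for the kind of check a fail2ban-style filter performs on an Asterisk log, flagging any source that accumulates `max_retry` failed SIP registrations within `find_time` seconds and recording which extensions it rotated through. The log lines are constructed samples in the style of chan_sip NOTICE messages, using documentation-range addresses; the function and parameter names are this example's own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the thread). 198.51.100.23 rotates
# extensions quickly; 192.0.2.50 is a user who mistypes a password twice.
SAMPLE_LOG = """\
[2010-10-10 03:14:01] NOTICE[2101] chan_sip.c: Registration from '"100" <sip:100@203.0.113.10>' failed for '198.51.100.23' - No matching peer found
[2010-10-10 03:14:02] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@203.0.113.10>' failed for '198.51.100.23' - No matching peer found
[2010-10-10 03:14:03] NOTICE[2101] chan_sip.c: Registration from '"102" <sip:102@203.0.113.10>' failed for '198.51.100.23:5060' - Wrong password
[2010-10-10 03:14:03] NOTICE[2101] chan_sip.c: Registration from '"alice" <sip:201@203.0.113.10>' failed for '192.0.2.50' - Wrong password
[2010-10-10 03:14:04] NOTICE[2101] chan_sip.c: Registration from '"103" <sip:103@203.0.113.10>' failed for '198.51.100.23' - No matching peer found
[2010-10-10 03:14:05] NOTICE[2101] chan_sip.c: Registration from '"104" <sip:104@203.0.113.10>' failed for '198.51.100.23' - Wrong password
[2010-10-10 03:14:06] NOTICE[2101] chan_sip.c: Registration from '"105" <sip:105@203.0.113.10>' failed for '198.51.100.23' - No matching peer found
[2010-10-10 03:20:40] NOTICE[2101] chan_sip.c: Registration from '"alice" <sip:201@203.0.113.10>' failed for '192.0.2.50' - Wrong password
[2010-10-10 03:20:55] VERBOSE[2101] logger.c:     -- Registered SIP '201' at 192.0.2.50 port 5060
"""

# Matches failed-registration notices; tolerates an optional ":port" after
# the source address. Assumes IPv4 sources.
FAILED_REG = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\].*?"
    r"\bRegistration from '(?P<sender>[^']*)' failed for "
    r"'(?P<src>[^':]+)(?::\d+)?' - (?P<reason>.+)$"
)
EXTENSION = re.compile(r"sip:([^@>]+)@")


def find_offenders(log_text, max_retry=5, find_time=60):
    """Return {source_ip: stats} for sources with at least max_retry failed
    registrations inside any find_time-second window.

    Assumes log lines are in chronological order, as in a live log file.
    """
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)   # per-source timestamps inside the window
    stats = {}
    for line in log_text.splitlines():
        m = FAILED_REG.match(line.strip())
        if not m:
            continue              # successful registrations, other noise
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        src = m.group("src")
        entry = stats.setdefault(
            src, {"failures": 0, "extensions": set(), "triggered_at": None}
        )
        entry["failures"] += 1
        ext = EXTENSION.search(m.group("sender"))
        if ext:
            entry["extensions"].add(ext.group(1))

        # Slide the window: drop failures older than find_time seconds.
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if entry["triggered_at"] is None and len(q) >= max_retry:
            entry["triggered_at"] = ts   # the moment a ban would be issued
    return {ip: e for ip, e in stats.items() if e["triggered_at"] is not None}


if __name__ == "__main__":
    for ip, e in find_offenders(SAMPLE_LOG).items():
        print(f"{ip}: {e['failures']} failures, "
              f"{len(e['extensions'])} extensions tried, "
              f"threshold crossed at {e['triggered_at']}")
```

The count of distinct extensions is worth keeping next to the failure count: a user with a stale password fails repeatedly on one extension, while a scanner fails across many.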

Re:The REAL crime here (0)

Anonymous Coward | more than 3 years ago | (#33855580)

It's called Skype!

Re:The REAL crime here (1)

LBt1st (709520) | more than 3 years ago | (#33856420)

Much like gas prices, cable TV and various other products/services; The prices are high because people continue to pay them.

Re:The REAL crime here (0)

Anonymous Coward | more than 3 years ago | (#33856540)

I can reach web pages hosted all over the globe but I can't make a phone call? It's not the technology, it's the abusive business models. Phone calls should be as free as the internet.

It's abusive for a company to invest money in building infrastructure, and then choose what price it's going to sell those services for? You're free not to buy a company's product if you really consider it worse than nothing at all. But that's the problem, isn't it; you do think the company is providing something of value, you just want to be able to dictate how they run their business. I think you need the services of a company that specializes in personal disorders.

Re:The REAL crime here (1)

CodeBuster (516420) | more than 3 years ago | (#33856756)

It was probably not the "long distance charges" in this case that rang up the large bill, but rather the types of numbers that were being auto-dialed. Notice that "premium numbers" were mentioned in the article which seems to imply that numbers which incurred additional charges, which phone network operators are required by law to collect and then remit to the owners of the "premium number", are the culprit. Probably some number in Nigeria which costs $20 per minute, or whatever the maximum allowed by law is, to call or some such. There are always small companies and unscrupulous service providers who take advantage of the telecom laws in various countries to gouge unsuspecting callers. The phone companies don't much like these people either, but they are required by law to service calls to those numbers.

Re:The REAL crime here (1)

Tom (822) | more than 3 years ago | (#33856848)

Which isn't. The real crime is that ISPs have been running a ruinous business model for years, in attempts to drive out competition and gain market share. The prices that are currently everywhere here in Europe are below costs already. Yes I got that info first-hand from the CEO of a large Telco/ISP.

It's all driven by investors, because "the stock market" (whoever that is) believes that only the first 2-3 (depending on country size) competitors can be profitable. Ironically, this belief is the direct cause for only the #1 being profitable (the old, ex-government-held telcos).

The real crime is that you have been led to believe that Internet access or phone calls don't cost anything. That crime is costing jobs in the Telco industry, and is forcing many smaller ISPs to shut down because they can't compete on insane prices. The invisible hand has a clear strategy: Drive everyone out of business until a small oligopoly remains, which can then proceed to raise prices until it is profitable enough to repay all the investments. Since entry costs into the market are considerable (once termination costs have risen sufficiently), that oligopoly won't be broken without government intervention.

Phone calls and Internet access should not be free, they should be priced realistically.

why do the 'victims' get bills? (1, Interesting)

Anonymous Coward | more than 3 years ago | (#33855184)

like the co. doesn't know what/who is using their networks? what even more horseshit. reminds us of the bank charging overages without paying out a dime to anybody. of course they 'forgive' them when one complains. i think they depend on some folks not bothering. it reads like it's the customers' fault & problem & that the co.s are just peripheral victims themselves, although they've lost nothing & are probably raking in unmentioned extra $ on the folks who don't pay attention or have a low illicit use rate.

Re:why do the 'victims' get bills? (4, Informative)

cduffy (652) | more than 3 years ago | (#33855198)

If the call is proxied through the victim's poorly-configured VoIP server, no, their provider doesn't know where it actually came from.

Re:why do the 'victims' get bills? (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33855250)

The key word being "if", it isn't that clear cut. SIP is only one half of the protocol. Most "loose" VoIP configurations don't channel the RTP stream through the same server as the SIP traffic. You can have a SIP server on the other side of the planet and still enjoy low latency if the other side of the call is close and the RTP stream is sent and received directly to/from the peer. The VoIP server would have to do extra work to proxy the audio data, so the P2P configuration is often standard. In that case, the other side (in these cases the POTS gateway) does see where the caller is and where the VoIP server is.

Anyway, even if the gateway operator can not detect the fraud based on technical indications, a large call volume to foreign countries is unusual for most businesses, as is a phone bill in the four to six digits. If an operator doesn't alert their customers to the buildup of such an unusually high bill, then the operator should not expect to get paid.

Re:why do the 'victims' get bills? (0)

Anonymous Coward | more than 3 years ago | (#33855318)

Okay, sure. But how can they possibly not know where the money is going to? That seems like an obvious way to trace the criminals.

Re:why do the 'victims' get bills? (0)

Anonymous Coward | more than 3 years ago | (#33855446)

Yes, but why do they get *bills*?

I use callwithus.com. I have it set to only enable calls cheaper than $0.05/min. The service is pre-paid, with no expiring funds. If you are a small business, even if you have 10 employees talking on the phone 10h a day, that's about $30-$60 for regular phone calls. At max rate, that's $300.

In a normal course of business (unless you are a call center), small businesses would use about $1/day. That's 2-4h talk time!

Re:why do the 'victims' get bills? (1)

cupantae (1304123) | more than 3 years ago | (#33855212)

Banks have an out, though:

Identity theft [youtube.com]

I know slashdot probably hates youtube for some reason, but this is very funny.

Re:why do the 'victims' get bills? (1)

LongearedBat (1665481) | more than 3 years ago | (#33856298)

I quite liked it :) but I have no mod points. :/

Re:why do the 'victims' get bills? (1)

cupantae (1304123) | more than 3 years ago | (#33856368)

I've got excellent karma, thanks! Probably improves my real-life karma if someone liked it, though. I can strongly recommend all of Mitchell & Webb's work, especially Peep Show, if you haven't already seen it.

Re:why do the 'victims' get bills? (1)

aiht (1017790) | more than 3 years ago | (#33856654)

I know slashdot probably hates youtube for some reason, but this is very funny.

I can't speak for slashdot in general, but I usually don't follow youtube links in forums because the url gives me no idea what they are.
Once I saw your reply that mentioned it's Mitchell & Webb, though, I jumped on it - those guys are pure gold.

When dealing with telcos... (5, Insightful)

Anonymous Coward | more than 3 years ago | (#33855190)

don't use unbounded plans. If your provider doesn't offer hard limits for post-paid plans, choose pre-paid and never put more money into the account than you can afford to lose. Instead of looking out for their customers and telling them when their bill climbs to astronomical heights, telcos will gladly stand by and reap the insane profit. Consumers can only reasonably choose to treat their telco like a kid with a small cash allowance instead of a platinum credit card.

Re:When dealing with telcos... (5, Informative)

mjwx (966435) | more than 3 years ago | (#33855454)

don't use unbounded plans. If your provider doesn't offer hard limits for post-paid plans, choose pre-paid and never put more money into the account than you can afford to lose

G'day mate,

In Australia we don't have so called "unlimited" plans, for A$99 a month you get 1 TB of data (upload and download) on an ADSL connection. After reaching your data cap your connection is shaped to just above dialup speed (somewhere between 64K and 256K as our Luddite government still defines anything above 56K as broadband). If you want unmetered plans, expect to pay $450+ (+ == plus GST (Goods and Services Tax) which is 10%) for 2 Mbit, if you want 10 Mbit, expect to pay $1400+ for fibre.

Side note: this is why the NBN at 43 Bn AU$ (26 Bn public money) is an absolute bargain.

Now that I've clued you in about the sorry state of internet in Australia, the charges are not from downloads but from using the ISP's SIP gateway. Traffic between your router and the ISP's SIP gateway will not be metered by all but the most unscrupulous of telcos in AU. But you still pay a per call charge on VOIP because the ISP is providing a service which costs them money (calls within their network are typically free however). It would be quite easy to rack up a hefty bill if you have a script that can call internationally. What the service providers should be doing is this, when a bill reaches a suspicious amount (use $150 as a yardstick for home services) then the ISP notifies the customer, once the bill reaches a second milestone (say $300) the service is suspended (incoming calls only) until the issue is rectified unless the user expressly requests otherwise.

Re:When dealing with telcos... (0)

Anonymous Coward | more than 3 years ago | (#33856256)

*looks at Slashdot comment, brought to me by $75/month, unlimited internet account*
*looks out at Sydney harbour*
*blinks*

Re:When dealing with telcos... (1)

bloodhawk (813939) | more than 3 years ago | (#33856996)

Please enlighten us all where in Sydney you can get such a thing? Not saying you're lying, but I only know of plans that call themselves unlimited but actually have limits as they are shaped, and I know of no truly unlimited $75 plan with any of the mainstream providers.

Re:When dealing with telcos... (1)

Cimexus (1355033) | more than 3 years ago | (#33856318)

To be fair, 1 TB for $99 ain't bad at all, and much better than the state of affairs in previous years. Keep in mind that in many other countries with 'unlimited' plans, there can be soft caps or fair use agreements that kick in at substantially less than that. Not to mention that throttling/QoSing 'undesirable' traffic types (e.g. torrents) is commonplace on residential-grade unlimited plans in many countries. At least in Australia you get what you pay for and they don't screw around with your packets (the good ISPs, at least). So for home users and small businesses, 1 TB may as well be 'unlimited' - and at a price that is now at least in the ballpark with other countries.

Of course once you start talking medium and large sized businesses, 1 TB may not be enough. But as you say, the data consumed was not the issue in TFA ... it was the ISP's SIP charges. Which are highway robbery admittedly, when you consider what it actually costs the ISP.

PS. It's very unlikely the NBN or any other technology will see true unlimited plans at rock bottom prices in Australia anytime soon. No matter the delivery technology, the inescapable fact remains: we are an English speaking country wishing to consume mostly English speaking content which is hosted 15,000km away in North America (for the most part). Renting capacity on undersea cables has a cost associated with them, especially when the ~majority~ of an ISP's traffic has to flow through them. This means costs in Australia are uniquely higher - cf. Japan/Korea (where most content in the local language is obviously hosted locally), or the US (where again, the average distance traffic has to travel is far less and most ISPs can get to most content without leaving their network or their immediate peers).

Re:When dealing with telcos... (1)

mjwx (966435) | more than 3 years ago | (#33856422)

It's very unlikely the NBN or any other technology will see true unlimited plans at rock bottom prices in Australia anytime soon

Not unlimited, but we'll see a lot of restrictions that come with DSL disappear. What the NBN will bring is a highly reliable network with consistent speeds to over 95% of Australian homes and businesses. This kind of connection is something that is very very expensive at the moment.

the inescapable fact remains: we are an English speaking country wishing to consume mostly English speaking content which is hosted 15,000km away in North America

And this is the kind of thing the NBN will actually work to fix.

Why is the content hosted in North America/Europe?
Because it's not any faster to host it here. With a better network the idea of running Australian datacentres for Australian consumption becomes more feasible.

Ultimately, what you want is to create a need for local datacentres, there's no point if there's no benefit. There is not much content that cannot be easily replicated here, once here it costs practically nothing to transmit, this is why ISPs tend to use caching very aggressively.

Re:When dealing with telcos... (1, Interesting)

Anonymous Coward | more than 3 years ago | (#33856452)

Just to add a little scope to the 1TB thing - that was an offer only made available this year, the culmination of about 6 months of renewed plan competition between first- and second-tier ISPs in response to the NBN publicity. Prior to this typical quotas were in the 10GB to 50GB range.

Oh, and for a little more context, the 1TB plan that I'm aware of is actually 500GB onpeak, and 500GB offpeak, offpeak being between 2am and 7am. So realistically, it still is really only good for 500GB. This biased-distribution 'doubling' strategy is pretty typical of current plans.

Re:When dealing with telcos... (0)

Anonymous Coward | more than 3 years ago | (#33855482)

Or ya know, just secure your Asterisk installation?

It's mostly personal servers rather than standard VoIP accounts with providers.

$10 per call? (1)

way2trivial (601132) | more than 3 years ago | (#33855242)

I thought voip was supposed to be cheaper than anything else?

anyone? how is 11k calls worth a 120k bill?

Re:$10 per call? (0)

Anonymous Coward | more than 3 years ago | (#33855278)

I would guess that the scam is that they call 1-900 numbers so that the company with the phone numbers gets the cash from the victims. I don't see how else the scam would work. If they call a regular number then only the telco gets the proceeds.

Re:$10 per call? (1)

Trekologer (86619) | more than 3 years ago | (#33856020)

The scam artists typically are pumping traffic to revenue share numbers (think the international equivalent of 1-900 numbers), where they get a cut of the call termination cost. And the revenue share numbers are in countries that many people have never heard of, such as Tuvalu.

Who is placing the calls? (4, Insightful)

OnePumpChump (1560417) | more than 3 years ago | (#33855246)

Is this stolen VOIP service being resold via phone cards, or what?

Re:Who is placing the calls? (0)

Anonymous Coward | more than 3 years ago | (#33855292)

Calls are often placed to phone sex lines rented by the attacker. This way a big percentage of the money extracted from the victim is paid out to the attacker via the inter-operator settlement.

Re:Who is placing the calls? (1)

man_of_mr_e (217855) | more than 3 years ago | (#33856522)

Most 900 and pay line services don't work with VOIP services, hell they don't work with cell phones. This is why 900 services are going the way of the dodo. Pay per SMS has become far more profitable.

The only way your scenario works is if there's a VOIP to local phone service gateway in place that allows this, which would require a very small subset of VOIP installations.

I also think this is probably far more of an issue for commercial VOIP systems, since they would probably be far less likely to have OS updates applied to them than someone using Asterisk, FreeSwitch, or other software based ones.

Re:Who is placing the calls? (2, Informative)

bcmm (768152) | more than 3 years ago | (#33855334)

Premium lines run by the scammers, presumably.

Re:Who is placing the calls? (1)

Barny (103770) | more than 3 years ago | (#33855844)

Would need to be hosted off-shore, otherwise would be too easy to find them.

Fear! Uncertainty! Doubt! (0)

Anonymous Coward | more than 3 years ago | (#33855270)

Providers of POTS phone services must lurve these FUD stories - *anything* that can help them stop haemorrhaging subscribers to VOIP services.

Jail the criminals, don't steal from the victims. (1, Interesting)

Anonymous Coward | more than 3 years ago | (#33855272)

Maybe they should not be ISPs if they can not handle it.

This is like 'identity theft'.

Is your name no longer Bill?

The bank fails to protect you and your money from fraud. The money you put into the bank for safe keeping got stolen from the bank, not you. The bank failed to do its job. The criminal who stole the money is the criminal.

Rather than tighten up security, put the crook in jail, SPEND SOME MONEY, HIRE SOME REAL TECHS, they hire lawyers and media people to rebrand this as 'Identity Theft'.

Sure that is a cool mindfuck, but come on, people are going to eventually catch on and burn your house down, hopefully with you in it.

Just another part of the backstory in yet another run up to another failed attempt to shut down the internet.

Please. We're computer nerds. The smartest bunch on the planet. Cut this crap out. You've been called on it. Go back home. The cheque is not going to clear.

At least give us some new creative propaganda, fear, FUD, booga booga and doom. This same old, same old, with a dull twist makes me want to watch Hannah Montana.

REALITY! IT'S OUT THERE! IT'S REAL!

Re:Jail the criminals, don't steal from the victim (1)

pookemon (909195) | more than 3 years ago | (#33855704)

Perhaps, oh genius, you'd like to tell us who the crook is? What? You don't know? It takes years - and generally a slip up, to identify just one SPAM king. And when they arrest them, 10 more step up to the plate. No doubt there are plenty of ppl investigating these crimes to try and arrest someone - hopefully they are smarter than you.

I'm betting you're the kind of person that watches a "most wanted" show and says "why didn't they just arrest them when they took their mugshot photo"?

We use voip (0)

WillRobinson (159226) | more than 3 years ago | (#33855378)

Our voip provider bills in 40$ increments. I think I would know if something was going on, plus all the alerts from a properly set up system with basic monitoring would show failed logins after 3 or 4 attempts were made.

No surprise - the stuff is wide open by default (5, Insightful)

dbIII (701233) | more than 3 years ago | (#33855388)

Some idiots turned up to install a phone system here, and after a Darwin award attempt by sitting their drinks on the UPS they asked for telnet to be open to their system from the internet - and it has no password! They also wanted 5060 open so they could do remote tests.

Re:No surprise - the stuff is wide open by default (2, Interesting)

Dynedain (141758) | more than 3 years ago | (#33856296)

Same at my office. The provider insisted that we install no firewall or antivirus on their Win2K3 box, and they wanted remote desktop enabled and a public IP. We said hell no. This is sitting behind our firewalls and if you need access, we'll set up some port forwarding pinholes THEN.

This happens all the time in the USA as well (3, Informative)

Charliemopps (1157495) | more than 3 years ago | (#33855538)

This happens all the time in the USA as well. Either their voip server is compromised or their PBX... often because they leave the password set to whatever the default was. In some instances I've seen businesses that had proprietary voicemail systems, that had a "feature" in which a user could set up their voicemail to transfer a call to another number. The pin numbers are only 4 digits and they have dozens of users so it's relatively trivial for the attacker to just try random mailboxes until they find one that's got 1111 or 2222 as their pin. Once inside they set the mailbox to forward calls to some international location. Over a weekend a business can rack up $50k-$100k in charges. Most of the charges are international and therefore non-refundable.

Something missing here... this is not my VOIP (2, Interesting)

mspohr (589790) | more than 3 years ago | (#33855552)

A Perth business was hit with a $120,000 bill after hackers exploited its VoIP server to place some 11,000 calls over 46 hours last year. ...

My Skype VOIP would only charge $10.00 for 10,000 calls. These businesses must be really stupid.

Re:Something missing here... this is not my VOIP (0)

Anonymous Coward | more than 3 years ago | (#33855622)

That's what I don't get about this. The big draw for voip is that long distance is either really cheap or free.
If the VoIP companies want to stop this abuse, why don't they have customers set a limit on their monthly long distance? When the limit gets hit on the 3rd of the month, it would be a great indication that your server has been hacked.

Re:Something missing here... this is not my VOIP (1)

Kjella (173770) | more than 3 years ago | (#33855638)

Umm do you think they're doing it just for the phone minutes? They're dialing special numbers that you get billed extra for, so they get $$$. And the ones who take the money just act all innocent "Hacked? Don't know what you're talking about. You call, you pay."

Re:Something missing here... this is not my VOIP (1)

Kalriath (849904) | more than 3 years ago | (#33856036)

Businesses don't use Skype. Period.

Whyzat? (1)

LongearedBat (1665481) | more than 3 years ago | (#33856348)

What's wrong with Skype?
What should businesses use instead?

Re:Whyzat? (1)

flyingkillerrobots (1865630) | more than 3 years ago | (#33856528)

"Businesses don't use Skype. Period."

Re:Whyzat? (0)

Anonymous Coward | more than 3 years ago | (#33856776)

Yes they do.

I've got a customer, a $4M/yr business, that uses Skype on a regular basis.

Re:Something missing here... this is not my VOIP (1)

Cimexus (1355033) | more than 3 years ago | (#33856346)

They aren't dialing 'regular' phone numbers. They are dialing premium numbers (you know, those $10/minute or whatever lines). Internationally. The idea being that the scammers themselves are running the premium lines (or at least have some financial interest in them), so they are essentially making free money.

Re:Something missing here... this is not my VOIP (0)

Anonymous Coward | more than 3 years ago | (#33856736)

If it's a phone service for a business, they should have barred premium numbers. I've done this on my residential phone.

Get a clue people (1)

dave562 (969951) | more than 3 years ago | (#33855680)

I've seen a lot of posts from know-it-alls who talk about how Skype is so cheap, and how they can talk to their office in Asia over VoIP for nothing more than the cost of an internet line. Skype and VoIP for internal communications might be great, but they are not suitable for business. Until everyone who you want to sell a product to has a Skype account or a VoIP connection, you need a regular phone line to talk to them. Except for some fringe cases of small businesses that can do everything over email and IM, the rest of the world uses these things called telephones.

I bet that even those VoIP servers and SIP gateways that got hacked were probably plugged into old fashioned PRI/T1 circuits from the telco. VoIP is great and all, but at some point you need to leave the playground and interact with the rest of the world. When that happens, you end up paying through the nose for POTS service.

Or maybe one of you geniuses can come up with a new business model. You can set up a VoIP server, and when people call in it can direct them to a webpage with instructions on how to download Skype. Then your customers can go through the hassle of setting up Skype to connect to you.

Or maybe, your customers will just find the next company that sells the same widgets that you do, pick up their phone and dial 800-NOT-VOIP.

Re:Get a clue people (0, Troll)

Barny (103770) | more than 3 years ago | (#33855904)

Skype Out?

Heard of it?

Yeah, that's nice, now go back under the bridge please, adults are talking.

Oh, and look up a definition of SIP, it means to use an internet connection to make calls to landlines/mobiles, it will give you something to do while we finish.

Re:Get a clue people (1)

Albanach (527650) | more than 3 years ago | (#33856276)

Skype Out?

Heard of it?

Better than that, I've heard it. And for the same reason, very many businesses won't consider dropping their POTS connection.

It's one thing entrusting your calls to VOIP if you have a dedicated high bandwidth internet connection, ideally with QOS as far as possible between yourself and the VOIP provider. It's another thing altogether to trust your business calls to the available bandwidth of a random skype supernode that's being used to navigate round the NAT between your laptop and the skype POTS termination point.

Don't get me wrong - skype is a great tool. And for inter office calls between staff members, where call quality issues can be worked around it's fine. But for the customer facing side of the vast majority of businesses, it just won't pass muster.

Re:Get a clue people (1)

wardred (602136) | more than 3 years ago | (#33856406)

And yet, even the traditional PBXs are going towards SIP and/or other VOIP based phones...where all the challenges that Skype addresses abound, and may not have found a solution nearly as elegant. Would you rather have a call that's a bit cruddy in quality, or have your employee, who knows jack about networking, working in an office that may or may not have an IT staff, try to debug the problems with his PBX based IP phone? (And probably still run into call quality issues.)

Re:Get a clue people (0)

Anonymous Coward | more than 3 years ago | (#33856650)

Oh, and look up a definition of SIP, it means to use an internet connection to make calls to landlines/mobiles, it will give you something to do while we finish.

Yep that's what it's for. Only for making calls to landlines/mobiles. Perhaps you need to look into its definition further?

Re:Get a clue people (1)

JohnFluxx (413620) | more than 3 years ago | (#33856708)

I'm a contractor living in the UK and have a customer in Germany and a customer in Finland. I speak to them every single weekday for half an hour (daily scrum..) and do so by skype.

I use a "real phone" (the N900) and I dial their real phone. My N900 uses the wireless connection in my house to connect to skype. They can even call me since skype gives me a real phone number. I do pay for both services, but it's not very much.

It's not even hard or complex to set up. The N900 comes with skype built into it. I give it my login details for skype (or create a new account) and then when I make a phone call it asks if I want to use the normal phone system or skype. And that's it.

And even better, if the other side does have skype, the call is free and can have video as well (the N900 has a second small video camera for that purpose). I have used this when I have to travel and want to talk to my baby.

Any bets on where zdnet funding is coming from? (0)

Anonymous Coward | more than 3 years ago | (#33855702)

Considering that zdnet is a high profile tech site with a diverse range of professional writers and a very long standing internet profile, I'm guessing that they're not getting funded by that single advertisement on the top right hand side of the page. A wholly owned subsidiary of the CBS corporation, CBS has long standing relationships to Australian corporations involved in communications and entertainment.

Drawing an inference from this is a very serious stretch.

But imo zdnet and cnet are about as far from impartial sources of information as can be found on the internet.

But which way does their toilet water run? (1)

TheABomb (180342) | more than 3 years ago | (#33855760)

The International Drainage Commission really needs to know.

nnnn is not an acceptable password (0)

Anonymous Coward | more than 3 years ago | (#33855792)

Most real phone companies already monitor for this sort of fraud AND give you the option of disabling numbers and services that charge to your phone account.

Your ISP is not a real telco and you should not expect that they would be in any position to act like one.

If you don't want your SIP accounts to be hacked then don't use crappy (All numeric) passwords.

Personally I am sick and tired of VOIP. It is insanity in 2010 basic information services like telephones should sound so crappy and be so unreliable as to be utterly useless. Several times a day every day I answer the phone unable to make out a single complete sentence the person on the other end is saying -- calls randomly disconnected left and right.

It is a Greek tragedy call quality continues to decline year after year.

Interesting timing (2, Interesting)

Buzzard2501 (834714) | more than 3 years ago | (#33855806)

Yesterday afternoon (and then again at 9pm) I watched an IP from Korea use a dictionary attack against our PABX (Asterisk) located in Australia. It used a standard list of usernames and passwords, and then every extension from 0000 to 9999. While our setup would protect us from any substantial loss (most extensions are set up to allow 1-3 simultaneous calls, premium calls are disabled, and our VoIP billing is pre-paid), Fail2Ban is in the process of being set up.
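The limits listed in the comment above (capped simultaneous calls per extension, premium calls disabled) combined with the two billing milestones mjwx suggests earlier in the thread (notify at $150, suspend outgoing calls at $300 unless the customer asks otherwise) can be expressed as one outbound-call guard. This is an added sketch, not code from any commenter or from Asterisk; the class name, the barred-prefix list and the per-call cost (roughly the article's $120,000 over 11,000 calls) are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class CallGuard:
    """Hypothetical outbound-call policy: barred prefixes, concurrency cap, spend cap."""
    max_concurrent: int = 2                 # thread mentions 1-3 simultaneous calls
    alert_cents: int = 150_00               # first milestone: notify the customer
    suspend_cents: int = 300_00             # second milestone: incoming calls only
    # Illustrative list only: AU premium-rate "190" numbers and, as dialled from
    # Australia (0011 + country code 688), Tuvalu, which the thread names.
    barred_prefixes: tuple = ("190", "0011688")
    customer_override: bool = False         # "unless the user expressly requests otherwise"
    spent_cents: int = 0
    active: dict = field(default_factory=dict)   # extension -> calls in progress
    events: list = field(default_factory=list)   # (kind, spend at that moment)

    @property
    def suspended(self):
        return self.spent_cents >= self.suspend_cents and not self.customer_override

    def authorize(self, ext, number):
        """Return (allowed, reason) for a new outbound call from `ext`."""
        digits = "".join(ch for ch in number if ch.isdigit())
        if self.suspended:
            return False, "outbound suspended: spend cap reached"
        if digits.startswith(self.barred_prefixes):
            return False, "barred prefix"
        if self.active.get(ext, 0) >= self.max_concurrent:
            return False, "concurrency limit"
        self.active[ext] = self.active.get(ext, 0) + 1
        return True, "ok"

    def end_call(self, ext, cost_cents):
        """Record a finished call and fire each milestone exactly once."""
        self.active[ext] = max(0, self.active.get(ext, 0) - 1)
        before = self.spent_cents
        self.spent_cents += cost_cents
        if before < self.alert_cents <= self.spent_cents:
            self.events.append(("alert", self.spent_cents))
        if before < self.suspend_cents <= self.spent_cents:
            self.events.append(("suspend", self.spent_cents))


def replay_sequential(guard, ext, number, cost_cents, attempts):
    """Replay `attempts` back-to-back calls; return how many were completed."""
    completed = 0
    for _ in range(attempts):
        allowed, _reason = guard.authorize(ext, number)
        if not allowed:
            break
        guard.end_call(ext, cost_cents)
        completed += 1
    return completed


if __name__ == "__main__":
    g = CallGuard()
    # Constructed scenario: 11,000 attempts at $10.90 each from one extension.
    done = replay_sequential(g, "101", "0011 44 20 5550 0100", 10_90, 11_000)
    print(done, "calls completed, spend $%.2f" % (g.spent_cents / 100), g.events)
```

With these assumed figures the replay stops after 28 calls, so the loss is bounded near the second milestone instead of growing for 46 hours.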

Re:Interesting timing (5, Interesting)

e9th (652576) | more than 3 years ago | (#33856270)

By all means use fail2ban. But setting alwaysauthreject=yes in sip.conf will generally stop the attacks faster, and also in cases where they try s-l-o-w-l-y, hoping to slip under fail2ban's radar.

Setting alwaysauthreject causes asterisk to respond the same way to an invalid peer registration as to a valid one using a bad secret. In other words, the attacker can't get a list of valid extensions for later password cracking attempts. Note that this violates RFC3261, but I'm unaware of anything that it will actually break, and in fact it's the default in asterisk 1.8.

They are scanning for weak password (0)

Anonymous Coward | more than 3 years ago | (#33855816)

I have seen this first hand our voip server gets scanned multiple times a day. The best defense, 16 digit random password on sip extensions, install fail2ban sip rules, and firewall off the port completely if you don't need access from the outside, or allow access through a vpn... People get hacked because they are lazy.

Just like SSH (1)

themerky1 (1916762) | more than 3 years ago | (#33855822)

They're mostly brute force attacks. There need to be limits put in place. Same thing happens with SSH all the time. Hasn't stopped for years. I doubt it will.

August was my bad month (1)

tinkerghost (944862) | more than 3 years ago | (#33855854)

I was pulling 60+ login attempts a second for almost the entire month. I had at least 4 separate colleges around the world hammering at my system. I provided log snippets to their abuse depts & got no response, although I did receive an increase in attempts from the tech school in S. Korea.

Re:August was my bad month (1)

Albanach (527650) | more than 3 years ago | (#33856340)

I was pulling 60+ login attempts a second for almost the entire month.

fail2ban is your friend. Simply block their IP after three failed attempts.

Actually, I think this should become a standard feature for most VoIP software. It's simply too easy to scan for weak passwords.

When I've seen scans they tend to be numerical too. I wonder if it's worth having honeypot extensions in the low numbers.

Of course, if you're using asterisk and allow registrations from remote IPs and you have extensions.conf configured to allow calls to international destinations that you're unlikely to call then that's a bit foolhardy.
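The defences discussed in this part of the thread (ban a source after three failed attempts, catch attackers who go slowly enough to stay under fail2ban's window, honeypot extensions in the low numbers) can be sketched as log-detection logic. This is an added example, not code from any commenter or from fail2ban; the log lines are constructed on the pattern of Asterisk chan_sip registration-failure notices, and the thresholds, honeypot extensions and host name are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation IP ranges, hypothetical host pbx.example.net).
SAMPLE_LOG = """\
[2010-10-10 09:15:10] NOTICE[2211] chan_sip.c: Registration from '"214" <sip:214@pbx.example.net>' failed for '198.51.100.200' - Wrong password
[2010-10-10 09:15:40] NOTICE[2211] chan_sip.c: Registration from '"214" <sip:214@pbx.example.net>' failed for '198.51.100.200' - Wrong password
[2010-10-10 21:00:01] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@pbx.example.net>' failed for '198.51.100.7' - No matching peer found
[2010-10-10 21:00:02] NOTICE[2211] chan_sip.c: Registration from '"101" <sip:101@pbx.example.net>' failed for '198.51.100.7' - No matching peer found
[2010-10-10 21:00:03] NOTICE[2211] chan_sip.c: Registration from '"102" <sip:102@pbx.example.net>' failed for '198.51.100.7' - Wrong password
[2010-10-10 21:05:00] NOTICE[2211] chan_sip.c: Registration from '"0001" <sip:0001@pbx.example.net>' failed for '203.0.113.99' - No matching peer found
[2010-10-10 22:00:00] NOTICE[2211] chan_sip.c: Registration from '"2001" <sip:2001@pbx.example.net>' failed for '192.0.2.44' - No matching peer found
[2010-10-10 22:30:00] NOTICE[2211] chan_sip.c: Registration from '"2002" <sip:2002@pbx.example.net>' failed for '192.0.2.44' - No matching peer found
[2010-10-10 23:00:00] NOTICE[2211] chan_sip.c: Registration from '"2003" <sip:2003@pbx.example.net>' failed for '192.0.2.44' - No matching peer found
[2010-10-10 23:30:00] NOTICE[2211] chan_sip.c: Registration from '"2004" <sip:2004@pbx.example.net>' failed for '192.0.2.44' - No matching peer found
[2010-10-11 00:00:00] NOTICE[2211] chan_sip.c: Registration from '"2005" <sip:2005@pbx.example.net>' failed for '192.0.2.44' - No matching peer found
"""

# Assumed honeypot extensions: never assigned to a real phone.
HONEYPOTS = frozenset({"0001", "0002", "0003"})

LINE_RE = re.compile(
    r"^\[(?P<ts>[\d\- :]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from "
    r"'(?:\"[^\"]*\" )?<sip:(?P<ext>[^@>]+)@[^>]+>' failed for "
    r"'(?P<ip>[\d.]+)(?::\d+)?' - (?P<reason>.+)$"
)


def parse(log_text):
    """Yield (timestamp, source_ip, extension, reason) for each failure line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["ip"], m["ext"], m["reason"]


def analyse(log_text, honeypots=frozenset(),
            burst_limit=3, burst_window=timedelta(minutes=10),
            slow_distinct=5, slow_window=timedelta(hours=24)):
    """Return {source_ip: (rule, time_of_ban)} for every source that trips a rule.

    burst     - burst_limit failures inside burst_window (the fail2ban-style rule)
    slow-scan - slow_distinct different extensions inside slow_window
    honeypot  - any registration attempt against a honeypot extension
    """
    recent = defaultdict(deque)   # ip -> failure times inside the burst window
    tried = defaultdict(deque)    # ip -> (time, extension) inside the slow window
    bans = {}
    for ts, ip, ext, _reason in parse(log_text):
        if ip in bans:
            continue
        if ext in honeypots:
            bans[ip] = ("honeypot", ts)
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > burst_window:
            q.popleft()
        if len(q) >= burst_limit:
            bans[ip] = ("burst", ts)
            continue
        s = tried[ip]
        s.append((ts, ext))
        while ts - s[0][0] > slow_window:
            s.popleft()
        if len({e for _, e in s}) >= slow_distinct:
            bans[ip] = ("slow-scan", ts)
    return bans


if __name__ == "__main__":
    for ip, (rule, when) in analyse(SAMPLE_LOG, HONEYPOTS).items():
        print(f"{ip:16} banned by {rule:9} at {when}")
```

The source at 192.0.2.44 never makes three attempts inside ten minutes, so only the distinct-extension rule catches it, while the user at 198.51.100.200 who mistyped a password twice is left alone.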

Re:August was my bad month (1)

tinkerghost (944862) | more than 3 years ago | (#33856988)

Of course, if you're using asterisk and allow registrations from remote IPs and you have extensions.conf configured to allow calls to international destinations that you're unlikely to call then that's a bit foolhardy.

Fortunately, it's configured as a dial-in service only. It's a message service & conference room box only.

Just use the internet, Luke (1)

Skapare (16644) | more than 3 years ago | (#33855960)

Stop placing calls over the legacy switched telephone number. Instead, make calls directly over the internet itself. It's cheaper that way. You just need to know what "numbers" go to what peer VoIP switch. Eventually, everything can go this way and we have no more "per call" charges.

This happened to me (4, Funny)

randallman (605329) | more than 3 years ago | (#33856212)

So I set up an account that was easy to hack into. It plays back screaming monkey sounds (included with Asterisk) to the caller and records the conversation. Most of the time, the caller is a machine, but a few times I've had a real person on the line and those were interesting.