System information
One of the most popular tools for SIP account scanning and password cracking is
SIPVicious. We strongly encourage you to take a look at it and use it to audit your
own systems. If your system is exposed to the Internet, others will likely run it against
your system, so make sure that you do it first.
Another resource for all things VoIP security–related is the VOIPSEC mailing list on
VOIPSA.org. The website contains some additional resources, as well.
Finally, http://www.infiltrated.net/voipabuse/ has some useful information. The author
provides a list of addresses known to be the source of VoIP attacks, as well as
instructions on how to block all addresses on this list. The author also provides a sample script
called AntiToll, which blocks all addresses outside of the United States.
Conclusion—A Better Idiot
There is a maxim in the technology industry that states, “As soon as something is made
idiot-proof, nature will invent a better idiot.” The point of this statement is that there
is no development effort that can be considered complete. There is always room for
improvement.
When it comes to security, you must always bear in mind that the people who are
looking to take advantage of your system are highly motivated. No matter how secure
your system is, somebody will always be looking to crack it.
We’re not advocating paranoia, but we are suggesting that what we have written here
is by no means the final word on VoIP security. While we have tried to be as
comprehensive as we can be in this book, you must accept responsibility for the security of
your system.
As free Internet calling becomes more common, the criminals will be working hard to
find weaknesses and exploit them.