[VOIPSEC] why are attackers so inefficient?
J. Oquendo
sil at infiltrated.net
Wed Mar 23 11:33:52 CDT 2011
On 3/23/2011 12:23 PM, Klaus Darilion wrote:
>
> There were 200 requests per second, always the From/To, just the Callid
> differs. My proxy did not even respond to the requests. What's the use
> case of sending 200r/s with identical identity? Is this a bug in
> sipvicious or is the attacker just too stupid to use it correctly?
>
> regards
> Klaus
My belief is that attackers are firing away at anything and everything
to see what they can get into. It would make no sense for an attacker to
start customizing against every single scan they fire off since it would
take too much time. I have seen attackers hitting up machines weeks
after they've been blackholed to smithereens. This just tells me "this
is likely a fire and forget" as there are no responses going through to
the target, nor back to the machine. So regardless of the IQ of an
attacker, it is likely a case of an attacker(s) just firing off ranDumb
attacks in hopes that one will work.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP
"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF