Stop Sipvicious Attack

SIPVicious is a program that has been used in increasing reconnaissance attacks against IP and VoIP phones and PBX systems. It was originally used as an auditing tool for scanning phone systems by performing INVITE scans silently. But attackers use this it to determine weak passwords to connect to a phone host on the PBX telephony network in order to get free calling from your system.

For Voicent system, this attack will not succeed since our inbound system is designed differently for the authentication process. So there is no worry for someone hack into your system and make free phone calls. However, the attach does pose a problem for channel congestion. Every time these incoming calls are examined by the system, the SIP channel is not available for other incoming or outgoing calls.

If you use release 10.5.4 or later, you can set up the Authorized IP addresses for your SIP service such that all incoming message not from your service provider is quickly discarded. To set it up, select Setup > Options > SIP Tab, choose your SIP account, click Edit, then click the Advanced… button. In the box below, enter the authorized IP addresses in the box labeled:
Authorized IP addresses For incoming Sip message. It takes a comma separated list, with each item as a complete IP address or its prefix.

If you have an earlier version, you will have to block these attacks using your firewall program. This is outside the scope of Voicent program. The best way is contact your firewall program provider or local IT service to help you set it up.

If you use Skype connect service, the authorized IP addresses are listed in your SIP profile. For other services, please contact them to get a list of authorized IP addresses.