SOC Catch of the Day

We review billions of logs daily to keep you safe from advanced threats.


Vulnerable VoIP

The Network: A law firm with many offices worldwide that supplements its team with EventTracker’s co-managed 24/7 SIEM services. Business VoIP has also been implemented for its many benefits.

The Expectation: The business gains the benefits of VoIP, including flexibility and cost savings, without compromising network security.

The Catch: EventTracker SOC analysts observed a flurry of INVITE and REGISTER messages allowed by the firewall. The originating IP address has a bad reputation according to AbuseIP.

The Find: The SIP protocol is known to be vulnerable; possible workarounds include filtering or blocking all SIP traffic with source and destination UDP port 5060 and TCP ports 5060 and 5061. This, however, was not possible because the target was an A/V server which must accept connections from external IPs.
An IPS is also available but is configured in passive mode. Therefore, it does not block such traffic despite recognizing it as problematic.

The Fix: To start, block the attacker IP. Upgrade to an active IPS so that such traffic can be blocked on detection. Apply all available updates to the target machine to minimize the attack surface.

The Lesson: Business VoIP provides benefits, but network traffic must be monitored for attacks. Port 5060 is a common target, the attack pattern being scanning, enumeration, and brute-force password guessing, followed by abuse. Attacker motives include anonymity, abuse of the premium-rate telephony model, reselling VoIP, and exploiting PII.
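
The monitoring described in this catch can be sketched as a per-source sliding-window count of allowed INVITE and REGISTER messages. This is an added example, not EventTracker's own detection logic; the log layout, addresses, threshold and window are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed firewall log layout (hypothetical, constructed for this example):
# <timestamp> <action> <proto> <src>:<sport> -> <dst>:<dport> SIP <method> sip:<user>@<domain>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) (?:UDP|TCP) (?P<src>[\d.]+):\d+ -> "
    r"[\d.]+:(?P<dport>\d+) SIP (?P<method>[A-Z]+) sip:(?P<user>[^@\s]*)@"
)
SIP_PORTS = {5060, 5061}
WATCHED = {"INVITE", "REGISTER"}

DST = "198.51.100.10"  # constructed address standing in for the A/V server
# Constructed sample: one normal client and one source sending a burst.
SAMPLE_LOG = (
    [f"2021-01-01T10:00:00 ALLOW UDP 192.0.2.20:5060 -> {DST}:5060 SIP REGISTER sip:alice@example.test"]
    + [f"2021-01-01T10:00:{i:02d} ALLOW UDP 203.0.113.45:5071 -> {DST}:5060 "
       f"SIP REGISTER sip:{1000 + i}@example.test" for i in range(1, 7)]
    + [f"2021-01-01T10:00:08 ALLOW UDP 203.0.113.45:5071 -> {DST}:5060 SIP INVITE sip:1001@example.test",
       f"2021-01-01T10:05:00 ALLOW TCP 192.0.2.20:5062 -> {DST}:5061 SIP INVITE sip:bob@example.test"]
)

def find_sip_floods(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold allowed INVITE/REGISTER messages in one window.

    Lines must be in time order. Returns {src_ip: {"peak": int, "users": set}},
    where "users" is every SIP user the source targeted (an enumeration hint).
    """
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    users = defaultdict(set)      # src -> distinct SIP users targeted
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["action"] != "ALLOW":
            continue              # only traffic the firewall let through
        if int(m["dport"]) not in SIP_PORTS or m["method"] not in WATCHED:
            continue
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop events older than the window
        users[src].add(m["user"])
        if len(q) >= threshold:
            entry = flagged.setdefault(src, {"peak": 0, "users": users[src]})
            entry["peak"] = max(entry["peak"], len(q))
    return flagged
```

A high count of distinct users from one source points to enumeration, while many attempts against few users points to password guessing; either result is a candidate for a reputation lookup and a block rule.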