More on WikiLeaks Call For VoIP Security DoS Attacks Against FAX Machines

I posted a link a bit ago where some WikiLeaks supporters were calling for attacks against financial organization FAX machines. Here is the link:

http://news.netcraft.com/archives/2010/12/13/operation-paybacks-next-ddos-target-fax-machines.html

While I hope these sort of attack does not occur, I can say that they could be very disruptive. While there are alternatives to FAXes, they are still very commonly used to communicate with customers. This is true for just about all industries, but is certainly the case with banks, other financial organizations, insurance, etc. Loss of FAX machines (or servers) can really disrupt communications with customers.

FAX machines are pretty easy to find - they may be published on websites and can also be found by war dialing (simply calling numbers and looking for FAX machines/tones). Once the attacker has access to the number used by one or more FAX machines, it is very easy to execute a DoS attack. The attacker does not have to generate actual FAX calls - they simply need to call the FAX number. The FAX machine will normally try to connect (typical time is around 45 seconds) before it gives up. An attacker can easily overwhelm a single FAX machine by simply manually calling over and over. The attack can obviously be even more effective if they are automatically generating calls. If the attacker has access to SIP and can generate multiple/many calls at one time, they can overwhelm multiple FAX machines or a FAX server with multiple concurrent call capacity.

There isn't a lot of simple countermeasures to these attacks. You can change numbers, perhaps timeouts on FAX machines, monitor CDR for wardialing, etc. Of course you can also deploy Voice/VoIP firewalls on FAX machine trunking.

Enterprise Connect (Formerly Voicecon) Presentation on Voice/VoIP Security

Enterprise Connect (formerly known as Voicecon) is coming up in Orlando the last week of February/first week of March. SecureLogix is leading a general session on voice/VoIP/Unified Communcations Thursday March 3rd. This is going to be a unique session, because we are also going to provide a "Report to Industry", which is based on real-world attack data we have gathered from hundreds of assessments and managing our security products on real networks. Here is a summary of the presentation:

Communications Security: Report to the Industry (Thursday March 3)

What’s the true state of communications security in 2011? Where are the most serious threats, what’s being done about them—and what’s not being done to stop them? In this session, you’ll hear from leading experts, who will offer their real-world findings drawn from documented and observed operational attacks against U.S. corporations, supplemented by reports from government and other agencies, to give you a sense of what sorts of attacks pose the greatest risk to your communications, and which are still, at this stage, more distant prospects. You’ll come away with an understanding of what threats to fixed and mobile communications should concern you most, and how to tackle them working in conjunction with your enterprise’s security team and the vendor community.

Speaker - Troy Lange, NSA/IAD Capabilities Manager for Mobility, National Security Agency

Speaker - Mark Collier, CTO & Vice President of Engineering, Securelogix

Speaker - Rod Wallace, VP of Global Services, SecureLogix

Moderator - Fred Knight, GM/Co-Chair, Enterprise Connect, Publisher, NoJitter.co