James Knott wrote:
Per Jessen wrote:
Two risks -
1) the SIP sign-on (userid+password) is, AFAIK, not encrypted, so it could be intercepted, giving someone access to use our internal system. 2) brute force attack trying to guess the password. It is easily countered, but we had a case last year where someone managed to guess a SIP userid+password. It meant a slightly higher phone-bill that month:-)
Those problems have existed for years and are not unique to VoIP. Many companies have discovered large long distance bills when someone found out how to access their trunks.
No, the problem isn't new, but the exposure is much larger. I think I see a brute force attempt about every day. -- Per Jessen, Zürich (17.0°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org