If they pick up the phone won't it cost every time we call? Why not just keep calling for 1 second then hang up then repeat. That way they don't have the opportunity to pick up and rack up the voip bill

The method I use instantly hangs up. On Asterisk systems if you don't force an Answer() the call is never fully answered and you are never charged. I didn't explicitly mention this in the article, but this is a good question.

So no, you don't need to do that, although that would be a suitable method. My method requires less load on your PBX as you don't have to send as many SIP packets (and can therefore place more calls and scale your attack better).

reply to me on theis site i need help from a hacker im getting calls every 30 sec into the office am dr on call from hosp and they cannot get me its happening on my cell also can anyone help the police donot know what to do, there is a reward for the person that can catch the perperator, and he is prosecuted....help for money guys use your tallent

I don't really understand what you are talking about. Someone is DDoS'ing your phone lines? Look up my information on http://rdegges.com/ and send me a message, we may be able to work something out.

Hey, do you know some US voip providers that allow you to spoof the caller id?

Hi dude,

Some US VoIP providers that allow you to spoof caller ID:

flowroute - http://www.flowroute.com/ (my favorite) voip.ms - http://voip.ms/ vitelity - http://vitelity.com/

Hope that helps :0

Hi Dude,

Can't download the code at: http://cloud.github.com/downloads/comradeb14ck/pycall/

Hoping for your help. Thanks

Hi wizphil,

Sorry about that. I actually recently built a website for pycall (http://pycall.org/) which links to the latest release. At the point of me writing this, that is: http://github.com/downloads/comradeb14ck/pycall/pycall-1.4.tar.gz

Enjoy!

Hi Dude,

Thanks a lot. Have a nice day!

Randall, I am new to Asterisk, can you explain to me what you mean by "Do not force answer"? And, if the called party does not pickup, I don't get charged right? Thank You

Damn...that was easy. Scary easy.

Everything worked on a SIPGate trunk until I tried advanced-flood.py. SIPGate only allows you to set incoming caller ID through their API (though you can set the outgoing ID on their web interface). They're a great ITSP in all other respects, but I did end up setting up a free Flowroute account to run the attack successfully. (It took me 5 minutes from signing up to running the script. Like I said, scary easy).

Now the biggest issue is how do you connect to the ITSP anonymously? I'm using Trixbox and tried setting "outboundproxy=192.168.1.106 port=9050" (TOR proxy on another local box) After I applied the configuration changes I was unable to place any calls. I'll spend some more time on it and post back if I figure it out.

This is great, i used it to flood my own phone lines! Truly scary stuff considering the fact that anyone could be able to use this! I have a request, could you post something similar to this, but using it to DoS a computer instead? Thanks, George

This is great, i used it to flood my own phone lines! Truly scary stuff considering the fact that anyone could be able to use this! I have a request, could you post something similar to this, but using it to DoS a computer instead? Thanks, George

Thanks for publishing this code. My business is being victimized by this type of attack. Do you have a script for me to stop it or trace it?