[Spce-user] Under attack :-(

Theo axessofficetheo at gmail.com
Fri Feb 15 03:45:21 EST 2013


Hi

ngrep-sip gives me:

#
U 2013/02/15 10:39:23.432811 173.242.123.148:5266 -> 196.41.123.113:5060
REGISTER sip:196.41.123.113 SIP/2.0'
Via: SIP/2.0/UDP 173.242.123.148:5266;branch=z9hG4bK-2478367181;rport'
Content-Length: 0'
From: "12unknown" <sip:12unknown at 196.41.123.113>'
Accept: application/sdp'
User-Agent: friendly-scanner'
To: "12unknown" <sip:12unknown at 196.41.123.113>'
Contact: sip:123 at 1.1.1.1'
CSeq: 1 REGISTER'
Call-ID: 4123206054'
Max-Forwards: 70'
'
with a script changing the Call-ID at a massive rate. So someone is trying
to register or doing something sinister. This box is not behind a firewall
at this point, just a test box. The IP you see there 173.242.123.148 has
indeed been added to the banned IPs which I guess means nothing is actually
reaching the proxy? Do we just leave it like this until they give up or is
there some other action I should take?

There is no monetary risk at this point for us - this is really just for
testing and all details such as IPs are going to change if and when we
would start using it.
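
The following is an added example, not part of the original post and not Sipwise code: a Python sketch that reads ngrep output in the layout shown above and flags sources sending REGISTER with a scanner User-Agent or with many different Call-IDs. The function names, the threshold of 3, the "ExamplePhone/1.0" agent and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import re
from collections import defaultdict
# ngrep packet header: "U <date> <time> <src>:<port> -> <dst>:<port>"
HEADER = re.compile(r"^U \S+ \S+ (\d+\.\d+\.\d+\.\d+):\d+ -> \S+")
SCANNER_AGENTS = ("friendly-scanner",)  # User-Agent shown in the post

def parse_packets(capture):
    """Split ngrep text into dicts holding source IP, SIP method and headers."""
    packets, current = [], None
    for raw in capture.splitlines():
        line = raw.strip().rstrip("'").strip()  # drop the trailing ' seen in the post
        m = HEADER.match(line)
        if m:
            current = {"src": m.group(1), "method": None, "headers": {}}
            packets.append(current)
        elif current is None or not line or line == "#":
            continue
        elif current["method"] is None:
            current["method"] = line.split(" ", 1)[0]  # first word of the request line
        elif ":" in line:
            name, value = line.split(":", 1)
            current["headers"][name.strip().lower()] = value.strip()
    return packets

def find_scanners(capture, threshold=3):  # threshold is an assumed value, tune per site
    """Map source IP -> list of reasons it looks like a REGISTER scanner."""
    call_ids, agents = defaultdict(set), defaultdict(set)
    for p in parse_packets(capture):
        if p["method"] == "REGISTER":
            call_ids[p["src"]].add(p["headers"].get("call-id", ""))
            agents[p["src"]].add(p["headers"].get("user-agent", "").lower())
    report = {}
    for src, ids in call_ids.items():
        reasons = []
        if any(s in ua for ua in agents[src] for s in SCANNER_AGENTS):
            reasons.append("scanner user-agent")
        if len(ids) >= threshold:  # a phone normally reuses one Call-ID when re-registering
            reasons.append(f"{len(ids)} distinct Call-IDs")
        if reasons:
            report[src] = reasons
    return report

def _pkt(src, ua, call_id):  # one constructed packet in the post's ngrep layout
    return (f"#\nU 2013/02/15 10:39:23.000000 {src}:5060 -> 192.0.2.10:5060\n"
            f"REGISTER sip:192.0.2.10 SIP/2.0'\nUser-Agent: {ua}'\n"
            f"Call-ID: {call_id}'\nCSeq: 1 REGISTER'\n'\n")
# Constructed sample: four scanner probes, then one phone registering twice.
SAMPLE = ("".join(_pkt("198.51.100.7", "friendly-scanner", 4123000000 + i) for i in range(4))
          + _pkt("203.0.113.20", "ExamplePhone/1.0", "a1b2") * 2)
```

The Call-ID check still fires when the scanner changes its User-Agent string, which is why both signals are reported separately.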