Sjur Usken

Views on new technologies and business opportunities from Sjur Usken

Monthly Archives: April 2010

Extreme SIP scanning latest week


There have never been so many SIP scannings in so short time for all my VoIP honeypots.They have tried all types, INVITES, REGISTER, SUBSCRIBES and OPTIONS.  A short list of some of the attackes latest 48 hours. Normally just doing a couple hundred extensions and passwords, some of these IPs trying up to 10 000 different extensions/passwords.

IP addresses [User-agent] Provider

119.147.116.157    [Asterisk]
193.47.153.14         [SIPVicious]
86.47.46.147          [First SIPVicious, then SIPPER for PhonerLite]
174.143.245.120  [SIPVicious]
174.129.52.240    [SIPVicious]     Amazone EC2
24.190.38.4            [SIPVicious]

So keep your systems ready for the flood to come! This is just the start.