Sjur Usken

Views on new technologies and business opportunities from Sjur Usken

Extreme SIP scanning latest week

There have never been so many SIP scans in so short a time against all my VoIP honeypots. They have tried all types: INVITE, REGISTER, SUBSCRIBE and OPTIONS. Below is a short list of some of the attacks in the latest 48 hours. Normally they just try a couple of hundred extensions and passwords, but some of these IPs are trying up to 10 000 different extensions/passwords.

IP addresses [User-agent] Provider

- [Asterisk]
- [SIPVicious]
- [First SIPVicious, then SIPPER for PhonerLite]
- [SIPVicious]
- [SIPVicious] Amazon EC2
- [SIPVicious]

So keep your systems ready for the flood to come! This is just the start.
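One way to surface this pattern from honeypot captures, as an added example that is not code from the original post: it tallies, per source IP, the SIP methods used, the User-Agent strings in first-seen order, and the number of distinct extensions targeted. The input shape (pairs of source IP and raw request), the threshold of 100 extensions and all sample requests are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

SCAN_METHODS = {"INVITE", "REGISTER", "SUBSCRIBE", "OPTIONS"}  # methods named in the post
URI_USER = re.compile(r"sips?:([^@;>\s]+)@")

def parse_request(raw):
    """Return (method, target extension, user-agent), or None if not a SIP request."""
    lines = raw.replace("\r\n", "\n").split("\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("SIP/"):
        return None  # a response or junk, not a request line
    headers = {}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    to = headers.get("to") or headers.get("t", "")  # "t" is the compact form of To
    m = URI_USER.search(to)
    return parts[0].upper(), (m.group(1) if m else None), headers.get("user-agent", "")

def summarise(events, threshold=100):
    """events: iterable of (source_ip, raw_request). threshold is an assumed cut-off."""
    stats = defaultdict(lambda: {"methods": set(), "agents": [], "targets": set()})
    for src, raw in events:
        parsed = parse_request(raw)
        if parsed is None or parsed[0] not in SCAN_METHODS:
            continue
        method, ext, agent = parsed
        s = stats[src]
        s["methods"].add(method)
        if ext:
            s["targets"].add(ext)
        if agent and agent not in s["agents"]:
            s["agents"].append(agent)  # first-seen order, so a change of tool shows up
    return {src: {**s, "flagged": len(s["targets"]) >= threshold} for src, s in stats.items()}

def _req(method, ext, agent):  # builds a constructed sample request, not captured traffic
    return (f"{method} sip:honeypot.example SIP/2.0\r\n"
            f"To: <sip:{ext}@honeypot.example>\r\n"
            f"User-Agent: {agent}\r\n\r\n")

# Constructed sample: documentation-range addresses, hypothetical host name.
SAMPLE = [("192.0.2.10", _req("REGISTER", str(e), "friendly-scanner")) for e in range(100, 350)]
SAMPLE += [("192.0.2.10", _req("INVITE", "100", "SIPPER for PhonerLite"))]
SAMPLE += [("198.51.100.7", _req("OPTIONS", "100", "Asterisk PBX"))]
```

Calling `summarise(SAMPLE)` flags the first source, which walked 250 extensions and switched User-Agent partway through, and leaves the single OPTIONS probe unflagged.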

One response to “Extreme SIP scanning latest week”

  1. Koos van den Hout May 26, 2010 at 5:36 pm

    And new floods coming in, up to the level of generating enough traffic from to fill up my ADSL link, noted in
    At least that IP stopped scanning me completely the next Monday, I hope someone cleaned a hacked PC.
