Using botnets to do SIP scanning
July 11, 2010
Posted by on
The lastest week there has been a tremendous SIP scanning from IPs all over the world latest week. The scannings are coming from a lot of IPs but the same signature, so it is probably only one person/firm behind this.
The scanning is this:
OPTIONS sip:100@X.X.X.X SIP/2.0
Via: SIP/2.0/UDP 192.168.1.9:5060;branch=
From: “sipsscuser”<sip:firstname.lastname@example.org>; tag=01669016334862887007103185718785156498385702949
CSeq: 1 OPTIONS
The lay-out of the OPTIONS messages is the same as in SIPVicious
scannings, so the author has taken this python code and just changed the User-Agent.
And this is just the beginning….