[asterisk-biz] Bad routign or hack attempt ?

Thu May 14 09:15:47 CDT 2009

Here is the trace.. please DEVs... add a reporting option to sip stack that
will report on that ip , or something..
This guy has been hacking alot of servers and is currently under FBI
investigation
You see he's using s=Asterisk PBX 1.6.0.5.

U 2009/05/14 06:42:17.973715 93.190.143.10:5060 -> 174.x.x.x:5060
INVITE sip:98103619990127 at 174.x.x.xSIP/2.0.
Via: SIP/2.0/UDP 93.190.143.10:5060;branch=z9hG4bK3f5cffbb;rport.
Max-Forwards: 70.
From: "MeucciSolutions" <sip:MeucciSolutions at 93.190.143.10>;tag=as123b6c7b.
To: <sip:98103619990127 at 174.x.x.x>.
Contact: <sip:MeucciSolutions at 93.190.143.10>.
Call-ID: 271aa7a750168cf60a36ad654a713caa at 93.190.143.10.
CSeq: 102 INVITE.
User-Agent: MeucciSolutions.
Date: Thu, 14 May 2009 10:42:25 GMT.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
Supported: replaces, timer.
Content-Type: application/sdp.
Content-Length: 287.
.
v=0.
o=root 634218215 634218215 IN IP4 93.190.143.10.
s=Asterisk PBX 1.6.0.5.
c=IN IP4 93.190.143.10.
t=0 0.
m=audio 10990 RTP/AVP 8 0 101.
a=rtpmap:8 PCMA/8000.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=silenceSupp:off - - - -.
a=ptime:20.
a=sendrecv.

>>-----Original Message-----
>>From: asterisk-biz-bounces at lists.digium.com [mailto:asterisk-biz-
>>bounces at lists.digium.com] On Behalf Of Elliot Otchet
>>Sent: May-13-09 7:43 PM
>>To: 'asterisk-biz at lists.digium.com'
>>Subject: Re: [asterisk-biz] Bad routign or hack attempt ?
>>
>>Agreed.  We've seen it too.
>>
>>Pardon the typos, my Blackberry has small buttons.
>>Elliot Otchet
>>Calling Circles LLC
>>
>>----- Original Message -----
>>From: asterisk-biz-bounces at lists.digium.com <asterisk-biz-
>>bounces at lists.digium.com>
>>To: Commercial and Business-Oriented Asterisk Discussion <asterisk-
>>biz at lists.digium.com>
>>Sent: Wed May 13 19:27:03 2009
>>Subject: Re: [asterisk-biz] Bad routign or hack attempt ?
>>
>>
>>Hack attempt 100%. Ban it.
>>
>>--- On Wed, 5/13/09, ContactTel Business <lists at contacttel.com> wrote:
>>
>>> From: ContactTel Business <lists at contacttel.com>
>>> Subject: [asterisk-biz] Bad routign or hack attempt ?
>>> To: "'Commercial and Business-Oriented Asterisk Discussion'"
>><asterisk-biz at lists.digium.com>
>>> Date: Wednesday, May 13, 2009, 7:05 PM
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Seems someone at MeucciSolutions at 93.190.143.10
>>> could be trying to break in ..
>>>
>>>
>>>
>>> Anyone have heard of any of the 2
>>> parts of the uri ?
>>>
>>>
>>>
>>> Thanks
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> -----Inline Attachment Follows-----
>>>
>>> _______________________________________________
>>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>>
>>> asterisk-biz mailing list
>>> To UNSUBSCRIBE or update options visit:
>>>    http://lists.digium.com/mailman/listinfo/asterisk-biz
>>
>>_______________________________________________
>>--Bandwidth and Colocation Provided by http://www.api-digital.com--
>>
>>asterisk-biz mailing list
>>To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-biz
>>
>>This message is intended only for the use of the individual (s) or
>>entity to which it is addressed and may contain information that is
>>privileged, confidential, and/or proprietary to Calling Circles LLC and
>>its affiliates. If the reader of this message is not the intended
>>recipient, you are hereby notified that any dissemination,
>>distribution, forwarding or copying of this communication is prohibited
>>without the express permission of the sender. If you have received this
>>communication in error, please notify the sender immediately and delete
>>the original message.
>>_______________________________________________
>>--Bandwidth and Colocation Provided by http://www.api-digital.com--
>>
>>asterisk-biz mailing list
>>To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-biz