[asterisk-dev] SIP now target of botnets?

Philip Prindeville philipp_subx at redfish-solutions.com
Mon Oct 10 12:40:13 CDT 2011


Going through my logs this morning, I saw:

Oct  9 02:58:22 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (75.125.238.10:5060) to extension '23271281566230' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:23 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (125.198.4.61:5060) to extension '00442035199440' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:23 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (95.131.86.102:5060) to extension '000442035199440' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:24 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (18.34.95.140:5060) to extension '0000442035199439' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:25 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (81.30.133.230:5060) to extension '0442035199440' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:26 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (44.180.13.28:5060) to extension '+00442035199440' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:28 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (44.221.65.188:5060) to extension '900442035199440' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:30 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (69.178.122.254:5060) to extension '9000442035199440' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:31 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (80.220.25.136:5060) to extension '+900442035199439' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:32 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (125.199.62.179:5060) to extension '*442035199439' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:33 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (118.29.80.113:5060) to extension '+442035199439' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:37 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (50.73.196.71:5060) to extension '+011442035199439' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:39 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (112.228.186.231:5060) to extension '+9011442035199440' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:41 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (121.131.152.7:5060) to extension '+0011442035199439' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:45 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (58.248.230.53:5060) to extension '4011442035199440' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:46 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (126.139.168.191:5060) to extension '5011442035199439' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:47 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (44.81.91.190:5060) to extension '6011442035199440' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:49 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (41.213.16.40:5060) to extension '8011442035199440' rejected because extension not found in context 'INVALID'.
Oct  9 02:58:52 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (115.194.189.56:5060) to extension '442035199439' rejected because extension not found in context 'INVALID'.


Interesting that within seconds, I got a bunch of attacks for the same groups of numbers, from machines in multiple different countries.

My conclusion is that SIP is now one of the attack surfaces of botnets, and not just lone hackers looking for free phone service.

Anyone else seeing this?

-Philip
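
The pattern described in the post (one destination number probed under many dial prefixes from many source addresses within seconds) can be detected from the same chan_sip NOTICE lines. This is an added example, not part of the original message or of Asterisk; the function names, the 9-digit suffix key, the 60-second window, the 3-source threshold and the sample lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the chan_sip NOTICE format quoted in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*handle_request_invite: "
    r"Call from '[^']*' \((?P<ip>[\d.]+):\d+\) to extension "
    r"'(?P<ext>[^']*)' rejected because extension not found"
)

def parse(lines, year=2011):
    """Yield (time, source_ip, extension); syslog omits the year (assumed)."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["ext"]

def number_key(ext, suffix_len=9):
    """Collapse dial-prefix variants (00, +, 9011, *) to the trailing digits."""
    return re.sub(r"\D", "", ext)[-suffix_len:]

def distributed_probes(lines, window_s=60, min_sources=3):
    """Map number_key -> source IPs when >= min_sources hit it within window_s."""
    by_key, flagged = defaultdict(list), defaultdict(set)
    for ts, ip, ext in parse(lines):
        by_key[number_key(ext)].append((ts, ip))
    for key, events in by_key.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window_s seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            ips = {ip for _, ip in events[start:end + 1]}
            if len(ips) >= min_sources:
                flagged[key] |= ips
    return {k: sorted(v) for k, v in flagged.items()}

# Constructed sample lines in the post's log format (documentation-range
# IPs, fictional numbers); they are not taken from the post.
_FMT = ("Oct  9 02:58:{sec:02d} pbx local0.notice asterisk[29752]: "
        "NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from "
        "'' ({ip}:5060) to extension '{ext}' rejected because extension not "
        "found in context 'INVALID'.")
SAMPLE = [_FMT.format(sec=s, ip=i, ext=e) for s, i, e in [
    (22, "192.0.2.10", "00441632960123"), (23, "198.51.100.7", "+441632960123"),
    (25, "203.0.113.5", "9011441632960123"), (26, "192.0.2.10", "000441632960123"),
    (40, "198.51.100.99", "5551000")]]
```

Keying on the trailing digits groups prefix variants of one number; numbers that differ in their final digit are reported as separate targets.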


