[asterisk-dev] SIP now target of botnets?

Kevin P. Fleming kpfleming at digium.com
Mon Oct 10 12:43:12 CDT 2011


On 10/10/2011 12:40 PM, Philip Prindeville wrote:
> Going through my logs this morning, I saw:
>
> Oct  9 02:58:22 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (75.125.238.10:5060) to extension '23271281566230' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:23 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (125.198.4.61:5060) to extension '00442035199440' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:23 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (95.131.86.102:5060) to extension '000442035199440' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:24 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (18.34.95.140:5060) to extension '0000442035199439' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:25 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (81.30.133.230:5060) to extension '0442035199440' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:26 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (44.180.13.28:5060) to extension '+00442035199440' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:28 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (44.221.65.188:5060) to extension '900442035199440' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:30 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (69.178.122.254:5060) to extension '9000442035199440' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:31 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (80.220.25.136:5060) to extension '+900442035199439' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:32 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (125.199.62.179:5060) to extension '*442035199439' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:33 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (118.29.80.113:5060) to extension '+442035199439' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:37 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (50.73.196.71:5060) to extension '+011442035199439' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:39 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (112.228.186.231:5060) to extension '+9011442035199440' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:41 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (121.131.152.7:5060) to extension '+0011442035199439' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:45 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (58.248.230.53:5060) to extension '4011442035199440' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:46 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (126.139.168.191:5060) to extension '5011442035199439' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:47 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (44.81.91.190:5060) to extension '6011442035199440' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:49 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (41.213.16.40:5060) to extension '8011442035199440' rejected because extension not found in context 'INVALID'.
> Oct  9 02:58:52 pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 in handle_request_invite: Call from '' (115.194.189.56:5060) to extension '442035199439' rejected because extension not found in context 'INVALID'.
>
>
> Interesting that within seconds, I got a bunch of attacks for the same groups of numbers, from machines in multiple different countries.
>
> My conclusion is that SIP is now one of the attack surfaces of botnets, and not just lone hackers looking for free phone service.
>
> Anyone else seeing this?

Is this a development question? If not, please move it to 
asterisk-users, where the population of people that will see it and 
could respond will also be substantially higher.

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org
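
An added example, not part of either post: one way to detect the pattern described in the quoted message, where many source addresses probe variants of the same number within seconds. It parses chan_sip "extension not found" NOTICE lines in the format quoted above and reports number groups hit from several distinct IPs inside one time window. The function names, the 60-second window, the three-source threshold and the "number core" heuristic are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# chan_sip NOTICE format as quoted in the post above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s.*handle_request_invite: "
    r"Call from '[^']*' \((?P<ip>[\d.]+):\d+\) to extension '(?P<ext>[^']*)' "
    r"rejected because extension not found")

def parse(line, year=2011):
    """Return (timestamp, source_ip, dialed_extension) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog omits the year, so the caller supplies it (assumption).
    return datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["ip"], m["ext"]

def number_core(ext, keep=8, drop=2):
    """Heuristic key (assumption): strip non-digits, ignore leading dial
    prefixes and the last `drop` digits so neighbouring numbers group."""
    digits = re.sub(r"\D", "", ext)
    return digits[-(keep + drop):-drop] if len(digits) >= keep + drop else None

def distributed_probes(lines, window=timedelta(seconds=60), min_sources=3):
    """Map number core -> max distinct source IPs seen inside one window."""
    by_key = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        key = number_core(rec[2])
        if key:
            by_key[key].append((rec[0], rec[1]))
    flagged = {}
    for key, events in by_key.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window start forward
            best = max(best, len({ip for _, ip in events[start:end + 1]}))
        if best >= min_sources:
            flagged[key] = best
    return flagged

# Constructed sample: documentation IPs and a fictional number range.
TEMPLATE = ("Oct  9 {} pbx local0.notice asterisk[29752]: NOTICE[29780]: chan_sip.c:22109 "
            "in handle_request_invite: Call from '' ({}:5060) to extension '{}' "
            "rejected because extension not found in context 'INVALID'.")
SAMPLE = [TEMPLATE.format(*row) for row in [
    ("02:58:22", "192.0.2.10", "00441632960123"), ("02:58:23", "198.51.100.20", "+441632960124"),
    ("02:58:24", "192.0.2.50", "0015550100199"), ("02:58:25", "203.0.113.30", "9011441632960123"),
    ("02:58:26", "192.0.2.50", "0015550100199"), ("02:58:28", "198.51.100.40", "*441632960124"),
    ("02:58:29", "192.0.2.60", "100"), ("03:58:30", "203.0.113.70", "441632960123")]]
```

A single host retrying one number stays below the threshold; only the group reached from several addresses inside the window is reported.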


