[asterisk-users] Attempted SIP connection by foreign host. Help!
gordon+asterisk at drogon.net
Tue Aug 24 08:22:27 CDT 2010
On Tue, 24 Aug 2010, Shaun Wingrin wrote:
> I just picked this up on my messages!
> There are a whole host of these requests!
> Anyone know whow there people are? Is there a way to report them?
> Any suggestions as to how to block them?
Why don't you read the fine archives?
This has been going on for months to almost everyone.
> Tracing route to 184-106-217-112.static.cloud-ips.com [18.104.22.168]
Oh look, yet another "cloud" provider has had one of their servers hacked.
Google for sipvicious if you want to know what they're using - and, I'm
told, they're doing this to try to get free calls - surprise.
If you search the archives you'll find plenty of solutions - the best is
to have good, secure passwords which are not susceptable to a dictionary
attack. There are also things like fail2ban which will hopefully detect an
attack and block it - however some older versions of sipvicious will
simply carry on scanning and trying, even though you're firewalled out, so
it'll still consume bandwidth.
I'm sure the author of sipvicious (who reads this list) probably didn't
intend it to be used as a stealing tool, but if he hadn't written it,
someone else would have.
More information about the asterisk-users