[asterisk-users] Attempted SIP connection by foreign host. Help!

Gordon Henderson gordon+asterisk at drogon.net
Tue Aug 24 08:22:27 CDT 2010

On Tue, 24 Aug 2010, Shaun Wingrin wrote:

> Say,
> I just picked this up on my messages!
> There are a whole host of these requests!
> Anyone know who these people are? Is there a way to report them?
> Any suggestions as to how to block them?

Why don't you read the fine archives?

This has been going on for months to almost everyone.

> Tracing route to 184-106-217-112.static.cloud-ips.com []

Oh look, yet another "cloud" provider has had one of their servers hacked.

Google for sipvicious if you want to know what they're using - and, I'm 
told, they're doing this to try to get free calls - surprise.

If you search the archives you'll find plenty of solutions - the best is 
to have good, secure passwords which are not susceptible to a dictionary 
attack. There are also things like fail2ban which will hopefully detect an 
attack and block it - however some older versions of sipvicious will 
simply carry on scanning and trying, even though you're firewalled out, so 
it'll still consume bandwidth.

I'm sure the author of sipvicious (who reads this list) probably didn't 
intend it to be used as a stealing tool, but if he hadn't written it, 
someone else would have.
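
Added example, not part of the original message or of fail2ban itself: a minimal version of the kind of detection fail2ban performs, counting rejected SIP REGISTER attempts per source address inside a sliding window. The chan_sip log line format and all sample lines are assumptions constructed for illustration; `max_retry` and `find_seconds` mirror fail2ban's `maxretry` and `findtime` settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Asterisk chan_sip NOTICE line for a rejected REGISTER (format assumed from
# Asterisk 1.4/1.6-era logs; some versions append ":port" to the address).
FAILED = re.compile(
    r"^\[(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\].*?"
    r"Registration from '(?P<frm>.*)' failed for '(?P<ip>[\d.]+)(?::\d+)?'"
    r" - (?P<why>Wrong password|No matching peer found)"
)

def find_offenders(lines, max_retry=3, find_seconds=60, year=2010):
    """Return {ip: time it first reached max_retry failures within the window}."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue
        # Asterisk's default timestamp has no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        # Drop failures that have aged out of the window.
        while (ts - window[0]).total_seconds() > find_seconds:
            window.popleft()
        if len(window) >= max_retry:
            banned[m["ip"]] = ts
    return banned

PFX = "NOTICE[2101] chan_sip.c: Registration from"
SAMPLE = [  # constructed log lines using documentation-range addresses
    f"[Aug 24 08:10:01] {PFX} '\"100\" <sip:100@192.0.2.10>' failed for '203.0.113.50' - No matching peer found",
    f"[Aug 24 08:10:02] {PFX} '\"101\" <sip:101@192.0.2.10>' failed for '203.0.113.50' - Wrong password",
    f"[Aug 24 08:10:03] {PFX} '\"101\" <sip:101@192.0.2.10>' failed for '203.0.113.50:5060' - Wrong password",
    f"[Aug 24 08:10:05] {PFX} '\"200\" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password",
    "[Aug 24 08:10:06] NOTICE[2101] chan_sip.c: Peer '200' is now UNREACHABLE!",
    f"[Aug 24 08:20:00] {PFX} '\"200\" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password",
]

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"{ip} reached the failure threshold at {when}")
```

The scanner at 203.0.113.50 trips the threshold within three seconds, while the phone at 198.51.100.7 that mistyped a password twice, ten minutes apart, does not.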


