[asterisk-users] Protect yourself
gordon+asterisk at drogon.net
Sun Aug 29 04:59:44 CDT 2010
On Fri, 27 Aug 2010, Bryant Zimmerman wrote:
> Hey all
> We are seeing intrusion attempts coming from address 126.96.36.199
> today They were hitting our switches trying to get in. So we blocked
> them at our firewall.
> Just wanted to put the word out so you all can protect your self.
You must be new here...
This sort of thing has been going on for months - years. Read the
Right now, I have a telco in Romania deliberately trying to hack into
several of my client sites - they must have bandwidth to spare, as even
with firewalling, they're still going strong.
At least, I'm assuming it's a telco - it's definitely a telephone/ISPs
company's computer that is the source and it doesn't look like a generic
server/cloud type VPS thing either. It seems to be owned by "iLink
Telecom" whoever they are - so I'm assuming this is a dodgy eastern
European telco trying to steal free calls from the rest of the world.
The sad thing is that they're running the old, fucked-up version of
sipvicious - the one that keeps on trying, even when it's firewalled out.
It's been going on to several of my sites for over 3 days now - it peaked
on one site at 1.5Mb/sec, but it's averaging 400-500Kbps to each site
The site is 188.8.131.52 which maps to terminators.micos.ro. Hm. just
noticed this morning that there are at least 2 separate attacks to one
particular host of mine. Ah well. All their succeeding in doing is wasting
their own bandwidth. Hope they have to pay for it.
More information about the asterisk-users