[asterisk-users] Protect yourself

Gordon Henderson gordon+asterisk at drogon.net
Sun Aug 29 04:59:44 CDT 2010


On Fri, 27 Aug 2010, Bryant Zimmerman wrote:

> Hey all
>
> We are seeing intrusion attempts coming from address 201.47.236.122 
> today They were hitting our switches trying to get in. So we blocked 
> them at our firewall.
>
> Just wanted to put the word out so you all can protect your self.

You must be new here...

This sort of thing has been going on for months - years. Read the 
archives )-:

Right now, I have a telco in Romania deliberately trying to hack into 
several of my client sites - they must have bandwidth to spare, as even 
with firewalling, they're still going strong.

At least, I'm assuming it's a telco - it's definitely a telephone/ISPs 
company's computer that is the source and it doesn't look like a generic 
server/cloud type VPS thing either. It seems to be owned by "iLink 
Telecom" whoever they are - so I'm assuming this is a dodgy eastern 
European telco trying to steal free calls from the rest of the world.

The sad thing is that they're running the old, fucked-up version of 
sipvicious - the one that keeps on trying, even when it's firewalled out. 
It's been going on to several of my sites for over 3 days now - it peaked 
on one site at 1.5Mb/sec, but it's averaging 400-500Kbps to each site 
right now.

The site is 85.120.71.160 which maps to terminators.micos.ro. Hm. just 
noticed this morning that there are at least 2 separate attacks to one 
particular host of mine. Ah well. All their succeeding in doing is wasting 
their own bandwidth. Hope they have to pay for it.

Gordon



More information about the asterisk-users mailing list