[asterisk-users] My Switch is being attacked using sip scanner tool (Service Abuse Attack)
Stefan Schmidt
sst at sil.at
Thu Jul 22 06:06:55 CDT 2010
Hello,
looks like sipvicous. there is allready a new version to break such
attacks using sipvicous.
http://blog.sipvicious.org/
best regards.
steve smith
mosbah abdelkader schrieb:
> An attacker is scanning my Asterisk Switch to gain illegitimate access
> to VoIP call functionality.
>
>
> Using a sip scanning tool, *it* sends REGISTERs with random
> identities. And when it discovers one identity subscribed in my
> switch, it tries to authenticate with random passwords using this user
> name.
>
>
> For the moment, I have replaced this account. And also blocked the IP
> it has used but each time it tries to use another IP to scan again.
>
>
> Following is a sample REGISTER request sent by it to my switch (I have
> hidden some info).
>
>
> REGISTER sip:xx.xx.xx.xx SIP/2.0
> *Via: SIP/2.0/UDP 127.0.1.1:5061;branch=xxxxxxxxx**-xxxxxxxxx**;rport*
> Content-Length: 0
> From: "xxxxxxxxx" <sip:xxxxxxxxx at xx.xx.xx.xx>
> Accept: application/sdp
> *User-Agent: friendly-scanner*
> To: "xxxxxxxxx" <sip:xxxxxxxxx at xx.xx.xx.xx>
> *Contact: sip:123 at 1.1.1.1 <mailto:sip%3A123 at 1.1.1.1>*
> CSeq: 1 REGISTER
> Call-ID: 4244603463
> Max-Forwards: 70
>
>
>
>
> Please help me resolve this problem.
--
Für weitere Fragen stehen wir gerne unter voip at sil.at oder
059944 - 2440 zur Verfügung.
Mit freundlichen Grüssen
--
Stefan Schmidt
Sysadmin/VOIP // voip at sil.at // Tel 059944-2440//
-------------------------------------------------
SILVER SERVER GmbH // Lorenz-Mandl-Gasse 33/1 //
A-1160 Wien // Fax 059944-9000 // www.sil.at //
-------------------------------------------------
More information about the asterisk-users
mailing list