[asterisk-users] Hacked by Microsoft?

Steve Totaro stotaro at asteriskhelpdesk.com
Wed Nov 28 22:52:59 CST 2012 

On Wed, Nov 28, 2012 at 7:45 PM, J Gao <jgao at veecall.com> wrote:
> This morning someone tried to make sip call through my Asterisk. My server
> just drop these calls and record them in CDR with IP address:
>
>         2012-11-28 06:30:51     SIP/216...      1000    "1000" <1000>
> Hangup   999011972592249388     ANSWERED        00:01   Hacker:
> 168.63.67.239
> 2.      2012-11-28 06:30:49     SIP/216...      1000    "1000" <1000>
> Hangup   88011972592249388      ANSWERED        00:01   Hacker:
> 168.63.67.239
> 3.      2012-11-28 06:30:46     SIP/216...      1000    "1000" <1000>
> Answer   99011972592249388      ANSWERED        00:02
> 4.      2012-11-28 06:30:43     SIP/216...      1000    "1000" <1000>
> Answer   1011972592249388       ANSWERED        00:02
> 5.      2012-11-28 06:30:39     SIP/216...      1000    "1000" <1000>
> Hangup   2011972592249388       ANSWERED        00:00   Hacker:
> 168.63.67.239
> 6.      2012-11-28 06:30:33     SIP/216...      1000    "1000" <1000>
> Hangup   7011972592249388       ANSWERED        00:01   Hacker:
> 168.63.67.239
> 7.      2012-11-28 06:30:30     SIP/216...      1000    "1000" <1000>
> Answer   8011972592249388       ANSWERED        00:03
> 8.      2012-11-28 06:30:27     SIP/216...      1000    "1000" <1000>
> Hangup   9011972592249388       ANSWERED        00:06   Hacker:
> 168.63.67.239
> 9.      2012-11-28 06:30:25     SIP/216...      1000    "1000" <1000>
> Answer   011972592249388       ANSWERED        00:07
>
> Now I noticed something interesting: The hacker's IP address: 168.63.67.239
>
> whois gave me:
> NetRange:       168.61.0.0 - 168.63.255.255
> CIDR:           168.61.0.0/16, 168.62.0.0/15
> OriginAS:
> NetName:        MSFT-EP
> NetHandle:      NET-168-61-0-0-1
> Parent:         NET-168-0-0-0-0
> NetType:        Direct Assignment
> RegDate:        2011-06-22
> Updated:        2012-10-16
> Ref:            http://whois.arin.net/rest/net/NET-168-61-0-0-1
>
> OrgName:        Microsoft Corp
> OrgId:          MSFT-Z
> Address:        One Microsoft Way
> City:           Redmond
> StateProv:      WA
> PostalCode:     98052
> Country:        US
> RegDate:        2011-06-22
> Updated:        2011-06-22
> Ref:            http://whois.arin.net/rest/org/MSFT-Z
>
>
> hmmmmmmm.... Did I just hacked by Micro$oft?
>
> Gao
>

http://iplocation.truevue.org/168.63.67.239.html

More information about the asterisk-users mailing list