[asterisk-users] Paltel subscribers as called parties for SIP attacks
Giles Coochey
giles at coochey.net
Thu Aug 8 07:04:16 CDT 2013
On 07/08/2013 00:57, Philip Prindeville wrote:
> On Aug 6, 2013, at 2:59 PM, Chris Bagnall <asterisk at lists.minotaur.cc> wrote:
>
>> FWIW, we routinely see dodgy traffic from:
>>> ovh.net
>>> hetzner.de
>>
I missed the original thread, but I see a lot of attempts from the
37.8.0.0 - 37.8.63.255 range of IPs.
I use the Fail2Ban set up in FreePBX, together with this (
http://www.coochey.net/?p=61 ) customisation which effectively firewalls
off the IPs that attempt to register.
Given the propensity of connect attempts, however, I am considering just
blocking the entire range.
It might just be a small group of people scanning the range from a
dynamic IP, and the 972 number might just be a test number they have set
up to see if it connects, their actual aim is probably financial (e.g.
to call a premium rate number that collects the call charges to a
front). It's possible someone might be wanting to set up covert,
untrackable communications channels, but unlikely in my opinion.
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
giles at coochey.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4755 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20130808/f7233747/attachment.bin>
More information about the asterisk-users
mailing list