[asterisk-users] Hacked by Microsoft?
J Gao
jgao at veecall.com
Wed Nov 28 18:45:59 CST 2012
This morning someone tried to make SIP calls through my Asterisk. My
server just dropped these calls and recorded them in the CDR with the IP address:
1. 2012-11-28 06:30:51 SIP/216... 1000 "1000" <1000> Hangup
999011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
2. 2012-11-28 06:30:49 SIP/216... 1000 "1000" <1000> Hangup
88011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
3. 2012-11-28 06:30:46 SIP/216... 1000 "1000" <1000> Answer
99011972592249388 ANSWERED 00:02
4. 2012-11-28 06:30:43 SIP/216... 1000 "1000" <1000> Answer
1011972592249388 ANSWERED 00:02
5. 2012-11-28 06:30:39 SIP/216... 1000 "1000" <1000> Hangup
2011972592249388 ANSWERED 00:00 Hacker: 168.63.67.239
6. 2012-11-28 06:30:33 SIP/216... 1000 "1000" <1000> Hangup
7011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
7. 2012-11-28 06:30:30 SIP/216... 1000 "1000" <1000> Answer
8011972592249388 ANSWERED 00:03
8. 2012-11-28 06:30:27 SIP/216... 1000 "1000" <1000> Hangup
9011972592249388 ANSWERED 00:06 Hacker: 168.63.67.239
9. 2012-11-28 06:30:25 SIP/216... 1000 "1000" <1000> Answer
011972592249388 ANSWERED 00:07
Now I noticed something interesting: The hacker's IP address: 168.63.67.239
whois gave me:
NetRange: 168.61.0.0 - 168.63.255.255
CIDR: 168.61.0.0/16, 168.62.0.0/15
OriginAS:
NetName: MSFT-EP
NetHandle: NET-168-61-0-0-1
Parent: NET-168-0-0-0-0
NetType: Direct Assignment
RegDate: 2011-06-22
Updated: 2012-10-16
Ref: http://whois.arin.net/rest/net/NET-168-61-0-0-1
OrgName: Microsoft Corp
OrgId: MSFT-Z
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 2011-06-22
Updated: 2011-06-22
Ref: http://whois.arin.net/rest/org/MSFT-Z
Hmmmmmmm.... Did I just get hacked by Micro$oft?
Gao
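
A detection sketch for the pattern visible in the CDR above (one extension redialing the same destination within seconds behind different dial-out prefixes), added here as an example and not part of the original post. The one-line record layout, the function names, and the thresholds are assumptions, and the sample records are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (assumed layout): timestamp, source extension, dialed number.
SAMPLE_CDR = """\
2012-11-28 06:30:25 1000 011972500000000
2012-11-28 06:30:27 1000 9011972500000000
2012-11-28 06:30:30 1000 8011972500000000
2012-11-28 06:30:33 1000 7011972500000000
2012-11-28 06:30:49 1000 88011972500000000
2012-11-28 09:15:02 1001 014165550100
2012-11-28 13:40:11 1001 014165550100
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\S+)\s+(\d+)$")

def parse(text):
    # Yield (timestamp, source, dialed) for every line that matches the assumed layout.
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)

def find_prefix_scans(records, tail=10, min_variants=4, window=timedelta(seconds=60)):
    # Group calls by (source, last `tail` digits): prefix guessing keeps the tail constant.
    groups = defaultdict(list)
    for ts, src, dialed in records:
        if len(dialed) >= tail:
            groups[(src, dialed[-tail:])].append((ts, dialed))
    alerts = []
    for (src, suffix), calls in sorted(groups.items()):
        calls.sort()
        start = 0
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] > window:
                start += 1  # slide the window forward
            if len({d for _, d in calls[start:end + 1]}) >= min_variants:
                alerts.append((src, suffix, sorted({d for _, d in calls})))
                break
    return alerts

if __name__ == "__main__":
    for src, suffix, variants in find_prefix_scans(parse(SAMPLE_CDR)):
        print(f"prefix scan from {src} toward *{suffix}: {variants}")
```
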