<div dir="ltr">An attacker is scanning my Asterisk Switch to gain illegitimate access to VoIP call functionality.<br><br><br>Using a sip scanning tool, <b>it</b> sends REGISTERs with random identities. And when it discovers one identity subscribed in my switch, it tries to authenticate with random passwords using this user name.<br>
<br><br>For the moment, I have replaced this account. And also blocked the IP it has used but each time it tries to use another IP to scan again.<br><br><br>Following is a sample REGISTER request sent by it to my switch (I have hidden some info).<br>
<br><br>REGISTER sip:xx.xx.xx.xx SIP/2.0<br><b>Via: SIP/2.0/UDP 127.0.1.1:5061;branch=xxxxxxxxx</b><b>-xxxxxxxxx</b><b>;rport</b><br>Content-Length: 0<br>From: "xxxxxxxxx" <sip:xxxxxxxxx@xx.xx.xx.xx><br>Accept: application/sdp<br>
<b>User-Agent: friendly-scanner</b><br>To: "xxxxxxxxx" <sip:xxxxxxxxx@xx.xx.xx.xx><br><b>Contact: <a href="mailto:sip%3A123@1.1.1.1">sip:123@1.1.1.1</a></b><br>CSeq: 1 REGISTER<br>Call-ID: 4244603463<br>Max-Forwards: 70<br>
<br><br><br><br>Please help me resolve this problem.<br></div>