[nsp-sec] VoIP scanning/abuse -> MyCERT/TTNET-MY
Nicolas FISCHBACH
nicolist at securite.org
Fri Jun 13 04:53:10 EDT 2008
Hi,
VoIP scanning and abuse is a reality (but that's no news ;-)
.44 is a Cisco CME that has been mostly "naked" on the Internet (with no
need to have an account for H.323/SIP/SCCP) for a couple of days in one of
our test labs.
Someone in Malaysia seems to have lots of friends in Cuba (or is playing
VoIP->TDM/PSTN gateway for them).
*Jun 13 08:11:59.805: %SEC-6-IPACCESSLOGP: list 123 denied udp 124.217.252.167(5060) -> 213.27.203.44(5060), 2 packets
Timestamp is UTC.
goldorak(nico):~$ /usr/sbin/traceroute 124.217.252.167
[...]
11 203.121.72.52 (203.121.72.52) 304.547 ms 305.641 ms 203.208.190.98 (203.208.190.98) 215.066 ms
12 124.217.252.167 (124.217.252.167) 332.221 ms 324.344 ms ge-2-0-6.glsfb02.icr.time.net.my (203.121.99.13) 321.021 ms
AS | IP | AS Name
9930 | 124.217.252.167 | TTNET-MY TIMEdotNet Berhad
This is not urgent nor of high importance, just fun on a Friday morning :)
Nico.
--
Nicolas FISCHBACH
Senior Manager - Network Engineering/Security - COLT Telecom
e:(nico at securite.org) w:<http://www.securite.org/nico/>
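
Added example, not part of the original message: a small Python parser for IOS %SEC-6-IPACCESSLOGP lines like the one quoted above, tallying denied UDP packets to port 5060 per source address. The sample log lines are constructed (documentation address ranges), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Cisco IOS ACL log message (%SEC-6-IPACCESSLOGP), same shape as the quoted line:
#   list <acl> <permitted|denied> <proto> <src>(<sport>) -> <dst>(<dport>), <n> packet(s)
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

SIP_PORT = 5060  # assumption: only SIP over UDP is tallied, as in the quoted line

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
*Jun 13 08:11:59.805: %SEC-6-IPACCESSLOGP: list 123 denied udp 192.0.2.10(5060) -> 198.51.100.44(5060), 2 packets
*Jun 13 08:12:04.101: %SEC-6-IPACCESSLOGP: list 123 denied udp 192.0.2.10(5061) -> 198.51.100.44(5060), 1 packet
*Jun 13 08:12:09.412: %SEC-6-IPACCESSLOGP: list 123 denied tcp 203.0.113.7(40112) -> 198.51.100.44(23), 1 packet
*Jun 13 08:13:30.007: %SEC-6-IPACCESSLOGP: list 123 permitted udp 198.51.100.9(5060) -> 198.51.100.44(5060), 4 packets
*Jun 13 08:14:02.950: %SEC-6-IPACCESSLOGP: list 123 denied udp 192.0.2.77(5060) -> 198.51.100.44(5060), 5 packets
*Jun 13 08:14:03.000: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
"""


def denied_sip_sources(log_text):
    """Return {source_ip: denied packet count} for UDP traffic to port 5060."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        m = ACL_LOG.search(line)
        if not m:
            continue  # not an ACL log message
        if (m["action"] == "denied" and m["proto"] == "udp"
                and int(m["dport"]) == SIP_PORT):
            totals[m["src"]] += int(m["count"])
    return dict(totals)


def report(log_text):
    """Sources sorted by denied packet count, highest first."""
    totals = denied_sip_sources(log_text)
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for src, packets in report(SAMPLE_LOG):
        print(f"{src:15}  {packets} denied SIP packets")
```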