[nsp-sec] VoIP scanning/abuse -> MyCERT/TTNET-MY
White, Gerard
Gerard.White at aliant.ca
Fri Jun 13 05:30:04 EDT 2008
Heh... Looks like Piradius is up to no good on several fronts :)
While you're at it, block/flag these (from the same 124.217.240.0/20) as
well:
124.217.248.143
124.217.249.5
124.217.249.240
Thanks for the insight ;)
GW
855 - Bell Aliant
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Nicolas FISCHBACH
> Sent: Friday, June 13, 2008 6:23 AM
> To: nsp-security NSP
> Subject: [nsp-sec] VoIP scanning/abuse -> MyCERT/TTNET-MY
>
> ----------- nsp-security Confidential --------
>
> Hi,
>
> VoIP scanning and abuse is a reality (but that's no news ;-)
>
> .44 is a Cisco CME that has been mostly "naked" on the Internet (with no
> need to have an account for H.323/SIP/SCCP) for a couple of days in one of
> our test labs.
>
> Someone in Malaysia seems to have lots of friends in Cuba (or is playing
> VoIP->TDM/PSTN gateway for them).
>
> *Jun 13 08:11:59.805: %SEC-6-IPACCESSLOGP: list 123 denied udp 124.217.252.167(5060) -> 213.27.203.44(5060), 2 packets
>
> Timestamp is UTC.
>
> goldorak(nico):~$ /usr/sbin/traceroute 124.217.252.167
> [...]
> 11 203.121.72.52 (203.121.72.52) 304.547 ms 305.641 ms 203.208.190.98 (203.208.190.98) 215.066 ms
> 12 124.217.252.167 (124.217.252.167) 332.221 ms 324.344 ms ge-2-0-6.glsfb02.icr.time.net.my (203.121.99.13) 321.021 ms
>
> AS | IP | AS Name
> 9930 | 124.217.252.167 | TTNET-MY TIMEdotNet Berhad
>
> This is not urgent nor of high importance, just fun on a Friday morning :)
>
> Nico.
> --
> Nicolas FISCHBACH
> Senior Manager - Network Engineering/Security - COLT Telecom
> e:(nico at securite.org) w:<http://www.securite.org/nico/>
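The ACL log entry quoted in the thread, turned into a small triage script: it tallies denied packets to SIP port 5060 per source and marks sources inside the 124.217.240.0/20 named in the reply. This is an added example, not part of either message; the function names are hypothetical and every sample line after the first is constructed (the extra sources use documentation addresses).

```python
import ipaddress
import re
from collections import defaultdict

# Prefix named in the reply; flagging sources inside it is this example's assumption.
WATCHED = ipaddress.ip_network("124.217.240.0/20")
SIP_PORT = 5060

# Cisco IOS extended-ACL log entry, in the form quoted in the thread.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

# First entry: the line from the thread, still quoted and wrapped by the mailer.
# Remaining entries are constructed for this example.
SAMPLE = """\
> *Jun 13 08:11:59.805: %SEC-6-IPACCESSLOGP: list 123 denied udp
> 124.217.252.167(5060) -> 213.27.203.44(5060), 2 packets
*Jun 13 08:12:03.101: %SEC-6-IPACCESSLOGP: list 123 denied udp 198.51.100.7(5060) -> 213.27.203.44(5060), 1 packet
*Jun 13 08:12:09.440: %SEC-6-IPACCESSLOGP: list 123 denied udp 124.217.252.167(5060) -> 213.27.203.44(5060), 5 packets
*Jun 13 08:12:11.002: %SEC-6-IPACCESSLOGP: list 123 denied tcp 198.51.100.9(40112) -> 213.27.203.44(22), 1 packet
*Jun 13 08:12:15.700: %SEC-6-IPACCESSLOGP: list 123 permitted udp 192.0.2.10(5060) -> 213.27.203.44(5060), 3 packets
"""


def unwrap(text):
    """Drop mail quote markers and rejoin entries wrapped across lines."""
    lines = (re.sub(r"^(>\s?)+", "", ln).strip() for ln in text.splitlines())
    return " ".join(ln for ln in lines if ln)


def denied_sip_sources(text):
    """Return {source: {"packets": n, "watched": bool}} for denied traffic to 5060."""
    hits = defaultdict(int)
    for m in LOG_RE.finditer(unwrap(text)):
        if m["action"] == "denied" and int(m["dport"]) == SIP_PORT:
            hits[m["src"]] += int(m["pkts"])
    return {
        src: {"packets": n, "watched": ipaddress.ip_address(src) in WATCHED}
        for src, n in hits.items()
    }


if __name__ == "__main__":
    for src, info in sorted(denied_sip_sources(SAMPLE).items()):
        tag = "in watched /20" if info["watched"] else "other"
        print(f"{src:<16} {info['packets']:>3} pkts  {tag}")
```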