[nsp-sec] VoIP pwnage tool, recognise it?
Scott A. McIntyre
scott at xs4all.net
Fri May 28 09:51:37 EDT 2010
Hi all,
Seeing some automated (80+ in one second (!!)) SIP registrations taking
place against various infrastructures. It seems to be an automated
tool, and the list of SIP registrations it's aiming for is:
3499802430
3888961308
admin
100
info
101
test
102
postmaster
103
sales
104
service
105
support
106
marketing
107
manager
108
market
109
server
110
111
spam
112
user
data
113
cpanel
trixbox
114
news
115
fax
116
postfix
117
owner
118
client
119
operator
120
121
asterisk
oracle
122
temp
123
jobs
124
shop
125
help
126
orders
127
aaron
128
steve
129
dave
130
paul
131
andrew
132
robert
133
matthew
134
james
135
jane
136
tom
137
ben
138
jeff
139
adam
In this case, the attack came from:
13213 | 83.170.69.14 | UK2NET-AS UK-2 Ltd Autonomous System
But it feels like a kit/tool and well automated.
Anyone recognise it?
Cheers,
Scott A. McIntyre
XS4ALL Internet B.V.
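
Added example, not part of the original post: one way to flag the pattern described above, where a single source sends 80+ REGISTERs inside one second while cycling through many different usernames. The log line format, the min_users threshold and the sample lines (documentation IP ranges, pbx.example.net) are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Assumed log format: "<epoch seconds> <source IP> REGISTER sip:<user>@<domain>"
LINE_RE = re.compile(r"^(\d+(?:\.\d+)?) (\S+) REGISTER sip:([^@\s]+)@\S+$")

def find_register_sweeps(lines, window=1.0, min_attempts=80, min_users=20):
    """Return {source: (peak attempts in window, distinct users at that peak)}.

    A source is flagged when, inside any sliding `window` seconds, it sends at
    least min_attempts REGISTERs for at least min_users different usernames.
    Lines must be in time order. min_users is an assumed threshold that keeps a
    single phone retrying its own extension from being flagged.
    """
    recent = defaultdict(deque)  # source -> (timestamp, user) pairs still in window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines and other SIP methods
        ts, src, user = float(m.group(1)), m.group(2), m.group(3).lower()
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:
            q.popleft()  # drop attempts that fell out of the window
        users = {u for _, u in q}
        if len(q) >= min_attempts and len(users) >= min_users:
            if len(q) > flagged.get(src, (0, 0))[0]:
                flagged[src] = (len(q), len(users))
    return flagged

def constructed_sample():
    """Constructed log lines for the example, not traffic from the post."""
    names = ["admin", "info", "test", "sales", "support"]
    names += [str(n) for n in range(100, 180)]
    ev = [(1000 + i * 0.01, "192.0.2.10", u) for i, u in enumerate(names)]  # sweep
    ev += [(1000 + i * 0.01, "198.51.100.7", "2001") for i in range(100)]   # one phone retrying
    ev += [(1000 + i * 60, "203.0.113.5", "2002") for i in range(3)]        # normal re-register
    return [f"{t:.2f} {ip} REGISTER sip:{u}@pbx.example.net" for t, ip, u in sorted(ev)]

if __name__ == "__main__":
    for src, (attempts, users) in find_register_sweeps(constructed_sample()).items():
        print(f"{src}: {attempts} REGISTERs in 1s across {users} usernames")
```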