[nsp-sec] VoIP pwnage tool, recognise it?
Rob Thomas
robt at cymru.com
Fri May 28 20:30:24 EDT 2010
Hey, Scott.
> Seeing some automated (80+ in one second (!!)) SIP registration taking
> place against various infrastructures. It seems to be an automated
> tool, and the list of SIP registrations it's aiming for are:
I'm not familiar with this tool, though we'll continue to hunt for it.
> In this case, the attack came from:
>
> 13213 | 83.170.69.14 | UK2NET-AS UK-2 Ltd Autonomous System
The Linux web server on 83.170.69.14 has angered at least one other
online criminal, who responded with a SYN attack against it on
2010-05-14 20:03:30 UTC.
Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");
More information about the nsp-security
mailing list