[nsp-sec] voip hacking?
Stephen Gill
gillsr at cymru.com
Tue Oct 11 15:04:42 EDT 2011
Following up on this - thanks to some sleuthing at a provider it appears
that most cases on their end are due to the use of Sipvicious.
Also for your amusement, one box had this nice welcome message.
[ .. ]
Last login: Tue Oct 11 20:54:47 2011 from 188.161.245.3
-bash: echo
============================
|| Voip Search Server ||
|| Hossam Ahmed ||
|| hossam1919 at hotmail.com ||
|| 0599244623 ||
|| Buy Now Only 200 NIS ||
============================
: command not found
[root at HAMDY ~]#
[ .. ]
Appears to be this guy perhaps:
http://twitter.com/#!/hossampal1
affiliated here - http://www.elktron.com/online/
Not sure if he paid for the box or got in via SSH scanning. There was a lot
of activity coming from 188.161/16.
It would be fun if some LE could pay him a visit after building up their own
case, sans atribution.
Enjoy!
-- steve
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.team-cymru.org | +1 (847) 378-3323 | gillsr at cymru.com
We just launched our new Training Practice, see
http://www.team-cymru.com/Services/Training/
More information about the nsp-security
mailing list