[nsp-sec] voip hacking?
Russell Fulton
r.fulton at auckland.ac.nz
Wed Oct 12 05:16:55 EDT 2011
We have been seeing large amounts of sipvicious scans hitting our firewall for at least a year with 100s of IPs hitting our /16 every day.
There are at least two others we see as well, but sipvicious is by far the most prevalent.
Russell
On 12/10/2011, at 8:04 AM, Stephen Gill wrote:
> ----------- nsp-security Confidential --------
>
> Following up on this - thanks to some sleuthing at a provider it appears
> that most cases on their end are due to the use of Sipvicious.
>
> Also for your amusement, one box had this nice welcome message.
>
> [ .. ]
>
> Last login: Tue Oct 11 20:54:47 2011 from 188.161.245.3
> -bash: echo
> ============================
> || Voip Search Server ||
> || Hossam Ahmed ||
> || hossam1919 at hotmail.com ||
> || 0599244623 ||
> || Buy Now Only 200 NIS ||
> ============================
> : command not found
> [root at HAMDY ~]#
>
> [ .. ]
>
> Appears to be this guy perhaps:
>
> http://twitter.com/#!/hossampal1
> affiliated here - http://www.elktron.com/online/
>
> Not sure if he paid for the box or got in via SSH scanning. There was a lot
> of activity coming from 188.161/16.
>
> It would be fun if some LE could pay him a visit after building up their own
> case, sans attribution.
>
> Enjoy!
>
> -- steve
>
> --
> Stephen Gill, Chief Scientist, Team Cymru
> http://www.team-cymru.org | +1 (847) 378-3323 | gillsr at cymru.com
>
> We just launched our new Training Practice, see
> http://www.team-cymru.com/Services/Training/
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________