[VoiceOps] Strange attacks over the weekend
Sjur Eivind Usken
sjur at usken.no
Mon Nov 1 17:25:59 EDT 2010
Hi,
We in the Honeynet Project has been following this for the last 4-5 months.
We call it sundayddr because of the User-Agent.
Ben in Australia has written more about it here:
http://honeynet.org.au/
I have also written about it here (back in July)
http://www.usken.no/2010/07/using-botnets-to-do-sip-scanning/
It is a botnet client with both a SSH and a SIP scanner (based on SIPVicious
by Sandro Gauci) (www.sipvicious.org)
Most infected machines doing this scanning are located in China
contact me if you need any more information.
cheers
sjur
www.usken.no
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20101101/e5e3ce53/attachment.html>
More information about the VoiceOps
mailing list