[VoiceOps] SIP Scan
Lee Riemer
LRiemer at bestline.net
Fri Oct 28 13:29:55 EDT 2011
They are probably creating a list of potential victims. Anything replying SIP on port 5060 gets added. Then you get the (not so)friendly-scanner.
Lee Riemer
> -----Original Message-----
> From: Stappenbeck, Mark [mailto:MStappenbeck at allworx.com]
> Sent: Friday, October 28, 2011 11:27 AM
> To: Lee Riemer
> Cc: VoiceOps
> Subject: RE: [VoiceOps] SIP Scan
>
> Can't say, just noticed multiple event logs from our PBX's across the country
> receiving a single invite (which we reject as not trusted), and then it moves
> on.
>
> Happened to have 4 servers in a /29 and saw it hit them in IP sequence, then
> was sent some logs from a server from yesterday, and the source IP was in
> the same octet as the other 4 servers.
>
> Thanks Lee -Mark S
>
>
>
> Mark Stappenbeck
> Senior Manager, Technical Support
> Allworx
> 300 Main Street
> East Rochester, NY 14445
> 585-421-5508 Office
> (585) 421-3853 Fax
> mstappenbeck at allworx.com
> www.allworx.com
>
>
>
>
> -----Original Message-----
> From: Lee Riemer [mailto:lriemer at bestline.net]
> Sent: Friday, October 28, 2011 12:21 PM
> To: Stappenbeck, Mark
> Subject: Re: [VoiceOps] SIP Scan
>
> Are they friendly-scanner? If so, nothing unusual...
>
> On 10/28/2011 11:13 AM, Stappenbeck, Mark wrote:
> > Has anyone noticed SIP Invites showing up from IP's in the 91.226.97.0/24
> subnet?
> > Seeing a progessive "scan" targeting our endpoints yesterday and today.
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > VoiceOps mailing list
> > VoiceOps at voiceops.org
> > https://puck.nether.net/mailman/listinfo/voiceops
>
> --
> Lee Riemer
> Director of Technical Operations
> Bestline Communications, L.P.
> Voice 512.328.9095
> Fax 512.328.9095
More information about the VoiceOps
mailing list