Hello, looks like sipvicous. there is allready a new version to break such attacks using sipvicous.
http://blog.sipvicious.org/ best regards. steve smith mosbah abdelkader schrieb: > An attacker is scanning my Asterisk Switch to gain illegitimate access > to VoIP call functionality. > > > Using a sip scanning tool, *it* sends REGISTERs with random > identities. And when it discovers one identity subscribed in my > switch, it tries to authenticate with random passwords using this user > name. > > > For the moment, I have replaced this account. And also blocked the IP > it has used but each time it tries to use another IP to scan again. > > > Following is a sample REGISTER request sent by it to my switch (I have > hidden some info). > > > REGISTER sip:xx.xx.xx.xx SIP/2.0 > *Via: SIP/2.0/UDP 127.0.1.1:5061;branch=xxxxxxxxx**-xxxxxxxxx**;rport* > Content-Length: 0 > From: "xxxxxxxxx" <sip:xxxxxx...@xx.xx.xx.xx> > Accept: application/sdp > *User-Agent: friendly-scanner* > To: "xxxxxxxxx" <sip:xxxxxx...@xx.xx.xx.xx> > *Contact: sip:1...@1.1.1.1 <mailto:sip%3a...@1.1.1.1>* > CSeq: 1 REGISTER > Call-ID: 4244603463 > Max-Forwards: 70 > > > > > Please help me resolve this problem. -- Für weitere Fragen stehen wir gerne unter v...@sil.at oder 059944 - 2440 zur Verfügung. Mit freundlichen Grüssen -- Stefan Schmidt Sysadmin/VOIP // v...@sil.at // Tel 059944-2440// ------------------------------------------------- SILVER SERVER GmbH // Lorenz-Mandl-Gasse 33/1 // A-1160 Wien // Fax 059944-9000 // www.sil.at // ------------------------------------------------- -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
