I always thought Sip Vicious only does numbers ( 0 - 100NNNN ), not Numeric-Alpha ( 100-MySipUserName ).

To make my situation more interesting, I also have fail2ban installed, banning after 5 failed attempts. This hijack is only happening to an extension on the honeypot audiocodes with the sip reg authenticating back to my honey pot asterisk, which is why I thought it might be a vulnerability in the audiocodes. However, the hijacker manages to make it past the fail2ban and gets the sip reg. I see sipvicious attempts all the time where they run checks against extensions 0 - 9999. Sometimes I see alpha extension name attempts, but I do not know how that's done.

--E

-----Original Message-----
From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Alejandro Imass
Sent: Friday, January 20, 2012 11:10 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Sip Registration Hijacking

On Thu, Jan 19, 2012 at 8:36 PM, eherr <email.eherr9...@gmail.com> wrote:
> I have a honey pot box with extensions that are not just numbers ie )
>
> 100-MySipUserName
>

I have the same problem and I use contactpermit with specific ip blocks! I know for a fact I'm getting hijacked by sip vicious on extension 100, but I can't understand how, because I don't even have an extension 100 declared anywhere. I would like to know how to block this MF because he makes calls at 1-2 AM.

--
Alejandro Imass

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users