05:04:06 pbx local0.notice asterisk[12679]: NOTICE[12679]: chan_sip.c: 15236 in handle_request_register: Registration from '"9997"<sip:9...@67.102.112.55 >' failed for '174.137.49.78' - No matching peer found
Mar 24 05:04:06 pbx local0.notice asterisk[12679]: NOTICE[12679]: chan_sip.c:15236 in handle_request_register: Registration from '"9998"<sip:9...@67.102.112.55 >' failed for '174.137.49.78' - No matching peer found
Mar 24 05:04:06 pbx local0.notice asterisk[12679]: NOTICE[12679]: chan_sip.c:15236 in handle_request_register: Registration from '"9999"<sip:9...@67.102.112.55 >' failed for '174.137.49.78' - No matching peer found

So 174.137.49.78 (78.49.137.174.in-addr.arpa. 86400 IN PTR unknown.caratnetworks.com.) was attempting to register with my Astlinux box on all possible 4 digit extensions. Fortunately for me my extensions are all alpha-numeric and all longer than 4 characters. I just checked and none of them look like a dictionary attack would work either.
Anyway, I don't know how common this is. But it is the first time I have noticed malicious SIP registration attempts. I do get a huge number of that type of thing on my firewall for things like ssh. I just hadn't seen it before for SIP.
Cheers, Tod
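
[Added example, not part of the original message or of AstLinux/Asterisk: a log check for the pattern described above, where one source fails registration for many different usernames. The min_distinct threshold, the function names and the sample log lines are assumptions made for this illustration.]

```python
import re
from collections import defaultdict

# chan_sip failed-REGISTER notice, in the shape quoted in the post above.
# Handles IPv4 sources, with or without a trailing :port.
FAILED_REG = re.compile(
    r"Registration from '\"?(?P<user>[^\"'<]*)\"?\s*<sip:[^>]*>' "
    r"failed for '(?P<src>[^':]+)(?::\d+)?' - (?P<reason>.+?)\s*$"
)

def parse_failed_registration(line):
    """Return (source_ip, username, reason), or None for unrelated lines."""
    m = FAILED_REG.search(line)
    return (m["src"], m["user"], m["reason"]) if m else None

def find_extension_scanners(lines, min_distinct=10):
    """Flag sources that fail registration for many *different* usernames.

    A phone with a stale password repeats one username; an extension sweep
    walks through many. min_distinct is an assumed threshold; tune it.
    """
    tried = defaultdict(set)
    for line in lines:
        parsed = parse_failed_registration(line)
        if parsed and parsed[2] == "No matching peer found":
            tried[parsed[0]].add(parsed[1])
    report = {}
    for src, users in tried.items():
        if len(users) >= min_distinct:
            numeric = sorted(int(u) for u in users if u.isdigit())
            report[src] = {
                "distinct_users": len(users),
                "numeric_users": len(numeric),
                "numeric_range": (numeric[0], numeric[-1]) if numeric else None,
            }
    return report

# Constructed sample log (documentation addresses, not data from the post).
PREFIX = ("Mar 24 05:04:06 pbx local0.notice asterisk[12679]: NOTICE[12679]: "
          "chan_sip.c:15236 in handle_request_register: ")
SAMPLE = [
    PREFIX + f"Registration from '\"{ext}\"<sip:{ext}@192.0.2.1 >' "
             "failed for '198.51.100.23' - No matching peer found"
    for ext in range(1000, 1012)
] + [
    PREFIX + "Registration from '\"frontdesk7\"<sip:frontdesk7@192.0.2.1>' "
             "failed for '192.0.2.10' - Wrong password"
] * 3

if __name__ == "__main__":
    for src, info in find_extension_scanners(SAMPLE).items():
        print(src, info)
```

Flagged addresses can then be fed to whatever blocking mechanism the firewall already uses for ssh.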
_______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.