Re: [asterisk-users] Hacked by Microsoft?
On 11/28/2012 9:03 PM, jon pounder wrote:
On 11/28/2012 11:52 PM, Steve Totaro wrote:

You're not serious, right? That is just the center of the country since no better location is available.

On Wed, Nov 28, 2012 at 7:45 PM, J Gao wrote:

This morning someone tried to make SIP calls through my Asterisk. My server just dropped these calls and recorded them in the CDR with the IP address:

Now I noticed something interesting: The hacker's IP address: 168.63.67.239

whois gave me:
NetRange: 168.61.0.0 - 168.63.255.255
CIDR: 168.61.0.0/16, 168.62.0.0/15
OriginAS:
NetName: MSFT-EP
NetHandle: NET-168-61-0-0-1
Parent: NET-168-0-0-0-0
NetType: Direct Assignment
RegDate: 2011-06-22
Updated: 2012-10-16
Ref: http://whois.arin.net/rest/net/NET-168-61-0-0-1

hmmm Did I just get hacked by Micro$oft?

Gao

http://iplocation.truevue.org/168.63.67.239.html

I would put it in the North East. In or around New York. With some questionable routing towards the end of its journey.

$ traceroute 168.63.67.239
traceroute to 168.63.67.239 (168.63.67.239), 64 hops max, 40 byte packets
 1  49.b167.bendtel.net (66.39.167.49)  0.402 ms  0.345 ms  0.320 ms
 2  g0-0-0.c1.sea1.bendtel.net (66.39.191.30)  9.896 ms  9.862 ms  9.919 ms
 3  six2.microsoft.com (206.81.80.68)  436.893 ms  297.630 ms  211.67 ms
 4  ge-1-3-0-57.wst-64cb-1b.ntwk.msn.net (207.46.46.39)  9.850 ms  9.917 ms  9.909 ms
 5  xe-0-2-1-0.co1-96c-1a.ntwk.msn.net (207.46.45.216)  14.10 ms  14.37 ms  13.984 ms
 6  ge-7-2-0-0.co1-64c-1b.ntwk.msn.net (207.46.40.166)  14.938 ms  15.28 ms  15.75 ms
 7  ge-2-0-0-0.nyc-64cb-1a.ntwk.msn.net (207.46.40.91)  83.664 ms  83.821 ms  83.744 ms
 8  207.46.45.231 (207.46.45.231)  172.135 ms  160.999 ms  159.25 ms
 9  xe-3-0-0-0.db3-96c-1b.ntwk.msn.net (207.46.42.33)  160.677 ms  158.852 ms  158.812 ms
10  10.22.179.127 (10.22.179.127)  160.594 ms
    10.22.178.195 (10.22.178.195)  157.664 ms
    10.175.44.3 (10.175.44.3)  160.500 ms
11  10.175.46.247 (10.175.46.247)  159.802 ms  159.636 ms
    10.175.46.201 (10.175.46.201)  158.802 ms
12  *^C

--
Jim Lucas

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Hacked by Microsoft?
On 11/28/2012 11:52 PM, Steve Totaro wrote:

You're not serious, right? That is just the center of the country since no better location is available.

On Wed, Nov 28, 2012 at 7:45 PM, J Gao wrote:

This morning someone tried to make SIP calls through my Asterisk. My server just dropped these calls and recorded them in the CDR with the IP address:

1. 2012-11-28 06:30:51 SIP/216... 1000 "1000" <1000> Hangup 999011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
2. 2012-11-28 06:30:49 SIP/216... 1000 "1000" <1000> Hangup 88011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
3. 2012-11-28 06:30:46 SIP/216... 1000 "1000" <1000> Answer 99011972592249388 ANSWERED 00:02
4. 2012-11-28 06:30:43 SIP/216... 1000 "1000" <1000> Answer 1011972592249388 ANSWERED 00:02
5. 2012-11-28 06:30:39 SIP/216... 1000 "1000" <1000> Hangup 2011972592249388 ANSWERED 00:00 Hacker: 168.63.67.239
6. 2012-11-28 06:30:33 SIP/216... 1000 "1000" <1000> Hangup 7011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
7. 2012-11-28 06:30:30 SIP/216... 1000 "1000" <1000> Answer 8011972592249388 ANSWERED 00:03
8. 2012-11-28 06:30:27 SIP/216... 1000 "1000" <1000> Hangup 9011972592249388 ANSWERED 00:06 Hacker: 168.63.67.239
9. 2012-11-28 06:30:25 SIP/216... 1000 "1000" <1000> Answer 011972592249388 ANSWERED 00:07

Now I noticed something interesting: The hacker's IP address: 168.63.67.239

whois gave me:
NetRange: 168.61.0.0 - 168.63.255.255
CIDR: 168.61.0.0/16, 168.62.0.0/15
OriginAS:
NetName: MSFT-EP
NetHandle: NET-168-61-0-0-1
Parent: NET-168-0-0-0-0
NetType: Direct Assignment
RegDate: 2011-06-22
Updated: 2012-10-16
Ref: http://whois.arin.net/rest/net/NET-168-61-0-0-1

OrgName: Microsoft Corp
OrgId: MSFT-Z
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 2011-06-22
Updated: 2011-06-22
Ref: http://whois.arin.net/rest/org/MSFT-Z

hmmm Did I just get hacked by Micro$oft?

Gao

http://iplocation.truevue.org/168.63.67.239.html

Re: [asterisk-users] Hacked by Microsoft?
On Wed, Nov 28, 2012 at 7:45 PM, J Gao wrote:
> This morning someone tried to make SIP calls through my Asterisk. My server
> just dropped these calls and recorded them in the CDR with the IP address:
>
> 1. 2012-11-28 06:30:51 SIP/216... 1000 "1000" <1000> Hangup 999011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
> 2. 2012-11-28 06:30:49 SIP/216... 1000 "1000" <1000> Hangup 88011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
> 3. 2012-11-28 06:30:46 SIP/216... 1000 "1000" <1000> Answer 99011972592249388 ANSWERED 00:02
> 4. 2012-11-28 06:30:43 SIP/216... 1000 "1000" <1000> Answer 1011972592249388 ANSWERED 00:02
> 5. 2012-11-28 06:30:39 SIP/216... 1000 "1000" <1000> Hangup 2011972592249388 ANSWERED 00:00 Hacker: 168.63.67.239
> 6. 2012-11-28 06:30:33 SIP/216... 1000 "1000" <1000> Hangup 7011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
> 7. 2012-11-28 06:30:30 SIP/216... 1000 "1000" <1000> Answer 8011972592249388 ANSWERED 00:03
> 8. 2012-11-28 06:30:27 SIP/216... 1000 "1000" <1000> Hangup 9011972592249388 ANSWERED 00:06 Hacker: 168.63.67.239
> 9. 2012-11-28 06:30:25 SIP/216... 1000 "1000" <1000> Answer 011972592249388 ANSWERED 00:07
>
> Now I noticed something interesting: The hacker's IP address: 168.63.67.239
>
> whois gave me:
> NetRange: 168.61.0.0 - 168.63.255.255
> CIDR: 168.61.0.0/16, 168.62.0.0/15
> OriginAS:
> NetName: MSFT-EP
> NetHandle: NET-168-61-0-0-1
> Parent: NET-168-0-0-0-0
> NetType: Direct Assignment
> RegDate: 2011-06-22
> Updated: 2012-10-16
> Ref: http://whois.arin.net/rest/net/NET-168-61-0-0-1
>
> OrgName: Microsoft Corp
> OrgId: MSFT-Z
> Address: One Microsoft Way
> City: Redmond
> StateProv: WA
> PostalCode: 98052
> Country: US
> RegDate: 2011-06-22
> Updated: 2011-06-22
> Ref: http://whois.arin.net/rest/org/MSFT-Z
>
>
> hmmm Did I just get hacked by Micro$oft?
>
> Gao
>

http://iplocation.truevue.org/168.63.67.239.html

[asterisk-users] Hacked by Microsoft?
This morning someone tried to make SIP calls through my Asterisk. My server just dropped these calls and recorded them in the CDR with the IP address:

1. 2012-11-28 06:30:51 SIP/216... 1000 "1000" <1000> Hangup 999011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
2. 2012-11-28 06:30:49 SIP/216... 1000 "1000" <1000> Hangup 88011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
3. 2012-11-28 06:30:46 SIP/216... 1000 "1000" <1000> Answer 99011972592249388 ANSWERED 00:02
4. 2012-11-28 06:30:43 SIP/216... 1000 "1000" <1000> Answer 1011972592249388 ANSWERED 00:02
5. 2012-11-28 06:30:39 SIP/216... 1000 "1000" <1000> Hangup 2011972592249388 ANSWERED 00:00 Hacker: 168.63.67.239
6. 2012-11-28 06:30:33 SIP/216... 1000 "1000" <1000> Hangup 7011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
7. 2012-11-28 06:30:30 SIP/216... 1000 "1000" <1000> Answer 8011972592249388 ANSWERED 00:03
8. 2012-11-28 06:30:27 SIP/216... 1000 "1000" <1000> Hangup 9011972592249388 ANSWERED 00:06 Hacker: 168.63.67.239
9. 2012-11-28 06:30:25 SIP/216... 1000 "1000" <1000> Answer 011972592249388 ANSWERED 00:07

Now I noticed something interesting: The hacker's IP address: 168.63.67.239

whois gave me:
NetRange: 168.61.0.0 - 168.63.255.255
CIDR: 168.61.0.0/16, 168.62.0.0/15
OriginAS:
NetName: MSFT-EP
NetHandle: NET-168-61-0-0-1
Parent: NET-168-0-0-0-0
NetType: Direct Assignment
RegDate: 2011-06-22
Updated: 2012-10-16
Ref: http://whois.arin.net/rest/net/NET-168-61-0-0-1

OrgName: Microsoft Corp
OrgId: MSFT-Z
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 2011-06-22
Updated: 2011-06-22
Ref: http://whois.arin.net/rest/org/MSFT-Z

hmmm Did I just get hacked by Micro$oft?

Gao
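
An added example, not part of the thread and not Asterisk's own tooling: the CDR rows in the original post all end in the same number with a different leading prefix each time, and the sketch below detects that dial-prefix probing pattern and checks the logged source address against the quoted whois CIDR blocks. The function names and the `tail_len` and `min_variants` thresholds are assumptions chosen for illustration; the row layout is the one shown in the post.

```python
import ipaddress
import os
import re
from collections import defaultdict

# Whois CIDR blocks and CDR rows copied from the post; the channel name is truncated there too.
WHOIS_CIDRS = ["168.61.0.0/16", "168.62.0.0/15"]
CDR_ROWS = """\
2012-11-28 06:30:51 SIP/216... 1000 "1000" <1000> Hangup 999011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
2012-11-28 06:30:49 SIP/216... 1000 "1000" <1000> Hangup 88011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
2012-11-28 06:30:46 SIP/216... 1000 "1000" <1000> Answer 99011972592249388 ANSWERED 00:02
2012-11-28 06:30:43 SIP/216... 1000 "1000" <1000> Answer 1011972592249388 ANSWERED 00:02
2012-11-28 06:30:39 SIP/216... 1000 "1000" <1000> Hangup 2011972592249388 ANSWERED 00:00 Hacker: 168.63.67.239
2012-11-28 06:30:33 SIP/216... 1000 "1000" <1000> Hangup 7011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
2012-11-28 06:30:30 SIP/216... 1000 "1000" <1000> Answer 8011972592249388 ANSWERED 00:03
2012-11-28 06:30:27 SIP/216... 1000 "1000" <1000> Hangup 9011972592249388 ANSWERED 00:06 Hacker: 168.63.67.239
2012-11-28 06:30:25 SIP/216... 1000 "1000" <1000> Answer 011972592249388 ANSWERED 00:07
"""
ROW = re.compile(r"(?:Hangup|Answer) (?P<dst>\d+) \S+ \d\d:\d\d(?: Hacker: (?P<ip>[\d.]+))?$")

def parse(text):
    """Yield (dialed_number, source_ip_or_None) for each recognisable row."""
    for line in text.splitlines():
        m = ROW.search(line.strip())
        if m:
            yield m["dst"], m["ip"]

def find_prefix_probes(rows, tail_len=10, min_variants=3):
    """Group calls by their last tail_len digits; flag tails dialed with many prefixes."""
    groups = defaultdict(list)
    for dst, ip in rows:
        groups[dst[-tail_len:]].append((dst, ip))
    findings = []
    for calls in groups.values():
        numbers = sorted({dst for dst, _ in calls})
        if len(numbers) >= min_variants:
            # Longest common suffix = the number the caller is really after.
            target = os.path.commonprefix([n[::-1] for n in numbers])[::-1]
            prefixes = sorted(n[: len(n) - len(target)] for n in numbers)
            findings.append({"target": target, "prefixes": prefixes, "calls": len(calls),
                             "ips": sorted({ip for _, ip in calls if ip})})
    return findings

def owning_block(ip, cidrs=WHOIS_CIDRS):
    """Return the whois CIDR block that contains ip, or None if none does."""
    addr = ipaddress.ip_address(ip)
    return next((c for c in cidrs if addr in ipaddress.ip_network(c)), None)

print(find_prefix_probes(parse(CDR_ROWS)), owning_block("168.63.67.239"))
```

Grouping on the number's tail also pulls in the rows that carry no source-address tag, so the whole burst is reported as one finding.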