Keep in mind that it's not just botnets. Previous discussions on the Snort and Emerging Threats security list discussed Amazon's cloud network being used for this. For SIPx users, I think the security is pretty tight and will prevent any overt attacks based on SIPVicious, but they may be looking to just find generic SIP systems to index for further attacks later. Posted on a VoIP blog, <http://www.usken.no/2010/07/using-botnets-to-do-sip-scanning/>, as well as being discussed in security newsgroups:

**Using botnets to do SIP scanning <http://www.usken.no/2010/07/using-botnets-to-do-sip-scanning/>**

The latest week there has been tremendous SIP scanning from IPs all over the world. The scannings are coming from a lot of IPs but with the same signature, so it is probably only one person/firm behind this. The scanning is this:

    OPTIONS sip:1...@x.x.x.x SIP/2.0
    Via: SIP/2.0/UDP 192.168.1.9:5060;branch=z9hG4bK-31055767;rport
    Content-Length: 0
    From: “sipsscuser”<sip:1...@192.168.1.9>; tag=01669016334862887007103185718785156498385702949
    Accept: application/sdp
    User-Agent: sundayddr
    To: “sipssc”<sip:1...@192.168.1.9>
    Contact: sip:1...@192.168.1.9:5060
    CSeq: 1 OPTIONS
    Call-ID: 022827170099429274868738305
    Max-Forwards: 70

The layout of the OPTIONS messages is the same as in SIPVicious <http://blog.sipvicious.org/> scannings, so the author has taken this Python code and just changed the User-Agent. And this is just the beginning….

--
This message has been forwarded to you by scheid...@secnap.net.

_______________________________________________
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
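
The forwarded post notes that the probe keeps the SIPVicious message layout and only changes the User-Agent, so a check keyed on header order and display names still fires when the agent string is renamed. The following is an added sketch, not code from the post or from SIPVicious; the function names are hypothetical and the sample requests are constructed, with placeholder addresses and shortened tag and Call-ID values.

```python
import re

# Values below are copied from the OPTIONS probe quoted in the post.
PROBE_ORDER = ["via", "content-length", "from", "accept", "user-agent",
               "to", "contact", "cseq", "call-id", "max-forwards"]
PROBE_NAMES = {"sipsscuser", "sipssc"}
PROBE_AGENTS = {"sundayddr"}

def parse_sip(raw):
    """Return (method, [(lowercased header name, value), ...]) for one request."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    pairs = [line.partition(":") for line in head[1:]]
    return head[0].split(" ", 1)[0].upper(), [
        (n.strip().lower(), v.strip()) for n, sep, v in pairs if sep]

def probe_indicators(raw):
    """List which traits of the quoted probe a SIP request shares."""
    method, headers = parse_sip(raw)
    values = dict(headers)
    shown = set()
    for key in ("from", "to"):  # display name = text before the <sip:...> URI
        name = values.get(key, "").split("<", 1)[0]
        shown.add(name.strip(' "\u201c\u201d').lower())
    hits = []
    if method == "OPTIONS" and [n for n, _ in headers] == PROBE_ORDER:
        hits.append("header-order")
    if shown & PROBE_NAMES:
        hits.append("display-name")
    if values.get("user-agent", "").lower() in PROBE_AGENTS:
        hits.append("user-agent")
    return hits

def sample(agent, names=("sipsscuser", "sipssc")):
    """Constructed request in the probe's layout; addresses are placeholders."""
    return "\r\n".join([
        "OPTIONS sip:100@192.0.2.10 SIP/2.0",
        "Via: SIP/2.0/UDP 192.168.1.9:5060;branch=z9hG4bK-31055767;rport",
        "Content-Length: 0",
        f'From: "{names[0]}"<sip:100@192.168.1.9>;tag=0166',
        "Accept: application/sdp", f"User-Agent: {agent}",
        f'To: "{names[1]}"<sip:100@192.168.1.9>',
        "Contact: sip:100@192.168.1.9:5060", "CSeq: 1 OPTIONS",
        "Call-ID: 0228", "Max-Forwards: 70", "", ""])

if __name__ == "__main__":
    print(probe_indicators(sample("sundayddr")))
    print(probe_indicators(sample("constructed-agent")))
```

Compact header names (for example `v:` for `Via:`) are not expanded here, so a request using them will not match the header-order check.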