nanog mailing list archives
Re: SIP - perhaps botnet? anyone else seeing this?
From: Andy Davidson <andy () nosignal org>
Date: Wed, 15 Apr 2009 18:49:25 +0100
On Wed, Apr 15, 2009 at 11:35:43AM -0500, Dane wrote:
Today I heard from someone who says Verizon is telling them they see about 700 calls per hour to Cuba originating from their PRI. Obviously some type of toll fraud.
In the same way that it's possible to configure a mail relay as a device that forwards mail between unintended parties, it is possible to configure a SIP proxy as a device that causes calls to be forwarded between unintended parties too. Likewise, in the same way that spammers scan network ranges for these misconfigured mail gateways, thieves look for unsecured SIP gateways to relay calls through. The SIP traffic mentioned at the start of this thread doesn't follow the pattern of this constant background noise. Kind regards, Andy
Current thread:
- Re: SIP - perhaps botnet? anyone else seeing this?, (continued)
- Re: SIP - perhaps botnet? anyone else seeing this? Roland Dobbins (Apr 10)
- Re: SIP - perhaps botnet? anyone else seeing this? Leland E. Vandervort (Apr 10)
- Re: SIP - perhaps botnet? anyone else seeing this? Roland Dobbins (Apr 10)
- Re: SIP - perhaps botnet? anyone else seeing this? Leland E. Vandervort (Apr 10)
- Re: SIP - perhaps botnet? anyone else seeing this? Randy Bush (Apr 10)
- Re: SIP - perhaps botnet? anyone else seeing this? Steven M. Bellovin (Apr 11)
- Re: SIP - perhaps botnet? anyone else seeing this? Leland E. Vandervort (Apr 10)
- Re: SIP - perhaps botnet? anyone else seeing this? Roland Dobbins (Apr 10)
- Re: SIP - perhaps botnet? anyone else seeing this? Leland E. Vandervort (Apr 15)
- RE: SIP - perhaps botnet? anyone else seeing this? Mike Goldman (Apr 15)
- Re: SIP - perhaps botnet? anyone else seeing this? Gadi Evron (Apr 15)
- Re: SIP - perhaps botnet? anyone else seeing this? Andy Davidson (Apr 15)