nanog mailing list archives
Re: SIP - perhaps botnet? anyone else seeing this?
From: Gadi Evron <ge () linuxbox org>
Date: Wed, 15 Apr 2009 23:03:25 +0300
Leland E. Vandervort wrote:
Managed to get to the bottom of it, and it was indeed a SIP User-Agent brute-force attempt. Interestingly, though, that your mail mentions specifically verizon... the majority of the remote addresses during this brute-force attempt were also behind verizon... coincidence? Hmm..
There are at least two projects I'm aware of and some tools released/getting released working on war-dialing over SIP.
One tool to take a look at and see if it fits the bill is WarVOX from Metasploit's HD Moore.
http://www.warvox.org/index.html Gadi.
Current thread:
- SIP - perhaps botnet? anyone else seeing this? Leland E. Vandervort (Apr 10)
- Re: SIP - perhaps botnet? anyone else seeing this? Roland Dobbins (Apr 10)
- Re: SIP - perhaps botnet? anyone else seeing this? Leland E. Vandervort (Apr 10)
- Re: SIP - perhaps botnet? anyone else seeing this? Roland Dobbins (Apr 10)
- Re: SIP - perhaps botnet? anyone else seeing this? Leland E. Vandervort (Apr 10)
- Re: SIP - perhaps botnet? anyone else seeing this? Randy Bush (Apr 10)
- Re: SIP - perhaps botnet? anyone else seeing this? Steven M. Bellovin (Apr 11)
- Re: SIP - perhaps botnet? anyone else seeing this? Leland E. Vandervort (Apr 10)
- Re: SIP - perhaps botnet? anyone else seeing this? Roland Dobbins (Apr 10)
- Re: SIP - perhaps botnet? anyone else seeing this? Leland E. Vandervort (Apr 15)
- RE: SIP - perhaps botnet? anyone else seeing this? Mike Goldman (Apr 15)
- Re: SIP - perhaps botnet? anyone else seeing this? Gadi Evron (Apr 15)
- Re: SIP - perhaps botnet? anyone else seeing this? Andy Davidson (Apr 15)