SIP - perhaps botnet? anyone else seeing this?
Gadi Evron
ge at linuxbox.org
Wed Apr 15 20:03:25 UTC 2009
Leland E. Vandervort wrote:
>
> Managed to get to the bottom of it, and it was indeed a SIP User-Agent
> brute-force attempt. Interestingly, though, that your mail mentions
> specifically verizon... the majority of the remote addresses during this
> brute-force attempt were also behind verizon... coincidence?
>
> Hmm..
There are at least two projects I'm aware of and some tools
released/getting released working on war-dialing over SIP.
One tool to take a look at and see if it fits the bill is WarVOX from
Metasploit's HD Moore.
http://www.warvox.org/index.html
Gadi.
More information about the NANOG
mailing list