A bit of a DOS perhaps

Discussion in 'UK VOIP' started by Rob van der Putten, Sep 4, 2012.

  1. Rob van der Putten, Sep 4, 2012
    #1
    1. Advertising

  2. In article <5045c3d5$0$3099$4all.nl>,
    Rob van der Putten <> wrote:
    >Hi there
    >
    >
    >A bit of stats;
    >http://www.sput.nl/asterisk/
    >And these are just the call attempts. There where
    >222357 registration attempts from 208.115.244.154.
    >Why would anyone want to do this?


    To steal your phone calls.

    Google: sipvicious

    Gordon
     
    Gordon Henderson, Sep 4, 2012
    #2
    1. Advertising

  3. Hi there


    Andy Burns wrote:

    > To run their "phone your Israeli relatives kiosk" at your expense?


    [2012-09-03 07:56:25 +0200] NOTICE[3279] chan_sip.c:
    Registration from '"605" <sip:605@80.101.95.251>'
    failed for '208.115.244.154:5451' -
    No matching peer found
    A registration doesn't work. So you try again. And again...
    root@sput:/var/log/asterisk# grep Registration\ from messages.1 | grep
    594 | wc -l
    31099
    root@sput:/var/log/asterisk# grep Registration\ from messages.1 | grep
    595 | wc -l
    9133
    root@sput:/var/log/asterisk# grep Registration\ from messages.1 | grep
    596 | wc -l
    16450
    root@sput:/var/log/asterisk# grep Registration\ from messages.1 | grep
    597 | wc -l
    19432
    Etc...

    At least with the call attempts, they did one try per number.


    Regards,
    Rob
    --
    Why You Should Be More Interested in Mars Than the Olympics
    http://www.huffingtonpost.com/andre...sted-in-mars-than-the-olympics_b_1712462.html
     
    Rob van der Putten, Sep 4, 2012
    #3
  4. Rob van der Putten, Sep 4, 2012
    #4
  5. Rob van der Putten

    Bob Eager Guest

    On Tue, 04 Sep 2012 12:00:36 +0200, Rob van der Putten wrote:

    > Hi there
    >
    >
    > Andy Burns wrote:
    >
    >> To run their "phone your Israeli relatives kiosk" at your expense?

    >
    > [2012-09-03 07:56:25 +0200] NOTICE[3279] chan_sip.c:
    > Registration from '"605" <sip:605@80.101.95.251>'
    > failed for '208.115.244.154:5451' -
    > No matching peer found
    > A registration doesn't work. So you try again. And again...
    > root@sput:/var/log/asterisk# grep Registration\ from messages.1 | grep
    > 594 | wc -l 31099 root@sput:/var/log/asterisk# grep Registration\ from
    > messages.1 | grep 595 | wc -l 9133 root@sput:/var/log/asterisk# grep
    > Registration\ from messages.1 | grep 596 | wc -l 16450
    > root@sput:/var/log/asterisk# grep Registration\ from messages.1 | grep
    > 597 | wc -l 19432 Etc...
    >
    > At least with the call attempts, they did one try per number.


    Fail2ban is good.



    --
    Use the BIG mirror service in the UK:
    http://www.mirrorservice.org

    *lightning protection* - a w_tom conductor
     
    Bob Eager, Sep 4, 2012
    #5
  6. Andy Burns <> wrote in <>:
    > Rob van der Putten wrote:


    >> A bit of stats;
    >> http://www.sput.nl/asterisk/
    >> And these are just the call attempts. There where
    >> 222357 registration attempts from 208.115.244.154.
    >> Why would anyone want to do this?


    > To run their "phone your Israeli relatives kiosk" at your expense?


    Parts of the middle east seem to like hard to trace and paid for by someone
    else voip calls.

    I amuse myself by playing random 'your call could not be completed as
    dialed' recordings when you try anything in the sip guest environment of an
    asterisk test server which looks like an international call. This keeps
    some intruders at work for 10-20 attempts until they give up.

    SIP registration attempts are handled by fail2ban.

    Koos

    --
    Koos van den Hout, PGP keyid DSS/1024 0xF0D7C263 via keyservers
    4all.nl
    Visit the site about books with reviews
    http://idefix.net/ http://www.virtualbookcase.com/
     
    Koos van den Hout, Sep 11, 2012
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Brian Bergin

    perhaps better than nat with enough IPs

    Brian Bergin, Nov 11, 2003, in forum: Cisco
    Replies:
    2
    Views:
    424
    Walter Roberson
    Nov 11, 2003
  2. direstraits

    perhaps, this question is about ICS

    direstraits, Aug 22, 2003, in forum: MCSE
    Replies:
    0
    Views:
    402
    direstraits
    Aug 22, 2003
  3. Don
    Replies:
    5
    Views:
    2,085
    °Mike°
    Feb 11, 2004
  4. Igor Mamuziæ

    IOS DoS defense causes DoS to itself:)

    Igor Mamuziæ, May 12, 2006, in forum: Cisco
    Replies:
    2
    Views:
    567
    Igor Mamuzic
    May 20, 2006
  5. GraB
    Replies:
    33
    Views:
    897
    Dave - Dave.net.nz
    Nov 24, 2004
Loading...

Share This Page