2010-10-14
It seems a telephone DDoS attack on citi ...
It seems a telephone DDoS attack on citibank London was tried. I see a lot of attempts to call +44-20-7500-5000 in the Asterisk logs, and this matches to this listing for citibank London with the incorrect display of the number (either use +44-20-7500-5000 or 020-7500-5000).[2010-10-13 07:10:08] NOTICE[1516] chan_sip.c: Call from '' to extension '#442075005000' rejected because extension not found. [2010-10-13 07:10:08] NOTICE[1516] chan_sip.c: Call from '' to extension '0#442075005000' rejected because extension not found. [2010-10-13 07:10:08] NOTICE[1516] chan_sip.c: Call from '' to extension '00442075005000' rejected because extension not found. [2010-10-13 07:10:08] NOTICE[1516] chan_sip.c: Call from '' to extension '00#442075005000' rejected because extension not found. [2010-10-13 07:10:09] NOTICE[1516] chan_sip.c: Call from '' to extension '000442075005000' rejected because extension not found. [2010-10-13 07:10:20] NOTICE[1516] chan_sip.c: Call from '' to extension '995442075005000' rejected because extension not found. [2010-10-13 07:10:20] NOTICE[1516] chan_sip.c: Call from '' to extension '99599442075005000' rejected because extension not found. [2010-10-13 07:10:20] NOTICE[1516] chan_sip.c: Call from '' to extension '998442075005000' rejected because extension not found. [2010-10-13 07:10:20] NOTICE[1516] chan_sip.c: Call from '' to extension '9999442075005000' rejected because extension not found. [2010-10-13 07:10:20] NOTICE[1516] chan_sip.c: Call from '' to extension '9442075005000' rejected because extension not found.Asterisk was kind enough to log the source:[2010-10-13 07:10:28] WARNING[1516] chan_sip.c: Maximum retries exceeded on transmission 355498004-01909399823-101602981@218.16.119.153 for seqno 102 (Critical Response) [2010-10-13 07:10:28] WARNING[1516] chan_sip.c: Maximum retries exceeded on transmission 1252672785-00018196951-458183090@218.16.119.153 for seqno 102 (Critical Response) [2010-10-13 07:10:28] WARNING[1516] chan_sip.c: Maximum retries exceeded on transmission 2001768799-01552085073-741882079@218.16.119.153 for seqno 102 (Critical Response)Which seems to be a known source for SIP attacks.