It seems a telephone DDoS attack on citi ... / 2010-10-14

2010-10-14 It seems a telephone DDoS attack on citi ... 9 years ago
It seems a telephone DDoS attack on citibank London was tried. I see a lot of attempts to call +44-20-7500-5000 in the Asterisk logs, and this matches to this listing for citibank London with the incorrect display of the number (either use +44-20-7500-5000 or 020-7500-5000).
[2010-10-13 07:10:08] NOTICE[1516] chan_sip.c: Call from '' to extension '#442075005000' rejected because extension not found.
[2010-10-13 07:10:08] NOTICE[1516] chan_sip.c: Call from '' to extension '0#442075005000' rejected because extension not found.
[2010-10-13 07:10:08] NOTICE[1516] chan_sip.c: Call from '' to extension '00442075005000' rejected because extension not found.
[2010-10-13 07:10:08] NOTICE[1516] chan_sip.c: Call from '' to extension '00#442075005000' rejected because extension not found.
[2010-10-13 07:10:09] NOTICE[1516] chan_sip.c: Call from '' to extension '000442075005000' rejected because extension not found.

[2010-10-13 07:10:20] NOTICE[1516] chan_sip.c: Call from '' to extension '995442075005000' rejected because extension not found.
[2010-10-13 07:10:20] NOTICE[1516] chan_sip.c: Call from '' to extension '99599442075005000' rejected because extension not found.
[2010-10-13 07:10:20] NOTICE[1516] chan_sip.c: Call from '' to extension '998442075005000' rejected because extension not found.
[2010-10-13 07:10:20] NOTICE[1516] chan_sip.c: Call from '' to extension '9999442075005000' rejected because extension not found.
[2010-10-13 07:10:20] NOTICE[1516] chan_sip.c: Call from '' to extension '9442075005000' rejected because extension not found.
Asterisk was kind enough to log the source:
[2010-10-13 07:10:28] WARNING[1516] chan_sip.c: Maximum retries exceeded on transmission 355498004-01909399823-101602981@218.16.119.153 for seqno 102 (Critical Response)
[2010-10-13 07:10:28] WARNING[1516] chan_sip.c: Maximum retries exceeded on transmission 1252672785-00018196951-458183090@218.16.119.153 for seqno 102 (Critical Response)
[2010-10-13 07:10:28] WARNING[1516] chan_sip.c: Maximum retries exceeded on transmission 2001768799-01552085073-741882079@218.16.119.153 for seqno 102 (Critical Response)
Which seems to be a known source for SIP attacks.

Tags: , , ,

, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
RSS
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated in 0.004504 seconds.