2010-10-21
The SIP scanner on 62.48.49.40 must be u ...
The SIP scanner on 62.48.49.40 must be using an older version of SIPvicious: a number of hours after fail2ban automatically blocked the IP the traffic rose to about 50 kilobyte/second of SIP REGISTER requests. The rule set by fail2ban has until now dropped 3291335 tries.The older version also means svcrash.py works. So I had to give it a try, and that did wonders for the flood: it directly stopped. If the owner of the SIP scanner wants to discuss this attack on his systems by me, please do.
The traffic is back to a 'trickle' (about 10 seconds between requests). All mails to varous abuse addresses haven't worked yet.