The SIP scanner on 62.48.49.40 must be u ... / 2010-10-21

Koos van den Hout

2010-10-21 The SIP scanner on 62.48.49.40 must be u ... 9 years ago
The SIP scanner on 62.48.49.40 must be using an older version of SIPvicious: a number of hours after fail2ban automatically blocked the IP the traffic rose to about 50 kilobyte/second of SIP REGISTER requests. The rule set by fail2ban has until now dropped 3291335 tries.

The older version also means svcrash.py works. So I had to give it a try, and that did wonders for the flood: it directly stopped. If the owner of the SIP scanner wants to discuss this attack on his systems by me, please do.

The traffic is back to a 'trickle' (about 10 seconds between requests). All mails to varous abuse addresses haven't worked yet.
Tags: , , ,
, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
RSS
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated in 0.004281 seconds.