2010-10-21 The SIP scanner on 184.108.40.206 must be u ... 9 years ago
The SIP scanner on 220.127.116.11 must be using an older version of SIPvicious: a number of hours after fail2ban automatically blocked the IP the traffic rose to about 50 kilobyte/second of SIP REGISTER requests. The rule set by fail2ban has until now dropped 3291335 tries.
The older version also means svcrash.py works. So I had to give it a try, and that did wonders for the flood: it directly stopped. If the owner of the SIP scanner wants to discuss this attack on his systems by me, please do.The traffic is back to a 'trickle' (about 10 seconds between requests). All mails to varous abuse addresses haven't worked yet.