Another SIP scan and traffic flood going ... / 2010-11-15

Another SIP scan and traffic flood going on, this time from 84.124.101.65. It started like all the others:
[2010-11-14 07:05:40] NOTICE[6576] chan_sip.c: Registration from '"728107069"<sip:728107069@mm.nn.oo.pp>' failed for '84.124.101.65' - No matching peer found
[2010-11-14 07:05:40] NOTICE[6576] chan_sip.c: Registration from '"3220398202"<sip:3220398202@mm.nn.oo.pp>' failed for '84.124.101.65' - No matching peer found
[2010-11-14 07:05:47] NOTICE[6576] chan_sip.c: Registration from '"728107069" <sip:728107069@mm.nn.oo.pp>' failed for '84.124.101.65' - No matching peer found
[2010-11-14 07:06:13] NOTICE[6576] chan_sip.c: Registration from '"728107069" <sip:728107069@mm.nn.oo.pp>' failed for '84.124.101.65' - No matching peer found
[2010-11-14 07:06:13] NOTICE[6576] chan_sip.c: Registration from '"728107069" <sip:728107069@mm.nn.oo.pp>' failed for '84.124.101.65' - No matching peer found
[2010-11-14 07:06:13] NOTICE[6576] chan_sip.c: Registration from '"728107069" <sip:728107069@mm.nn.oo.pp>' failed for '84.124.101.65' - No matching peer found
[2010-11-14 07:06:13] NOTICE[6576] chan_sip.c: Registration from '"728107069" <sip:728107069@mm.nn.oo.pp>' failed for '84.124.101.65' - No matching peer found
[2010-11-14 07:06:13] NOTICE[6576] chan_sip.c: Registration from '"728107069" <sip:728107069@mm.nn.oo.pp>' failed for '84.124.101.65' - No matching peer found
[2010-11-14 07:06:13] NOTICE[6576] chan_sip.c: Registration from '"728107069" <sip:728107069@mm.nn.oo.pp>' failed for '84.124.101.65' - No matching peer found
And fail2ban picked it up soon. But it is still active, causing delays for me.
SIP packet:
        Via: SIP/2.0/UDP 192.168.130.65:5070;branch=z9hG4bK-3016029746;rport
            Transport: UDP
            Sent-by Address: 192.168.130.65
            Sent-by port: 5070
            Branch: z9hG4bK-3016029746
            RPort: rport
        Content-Length: 0
        From: "728107069" <sip:728107069@mm.nn.oo.pp>
            SIP Display info: "728107069" 
            SIP from address: sip:728107069@mm.nn.oo.pp
        Accept: application/sdp
        User-Agent: friendly-scanner
        To: "728107069" <sip:728107069@mm.nn.oo.pp>
            SIP Display info: "728107069" 
            SIP to address: sip:728107069@mm.nn.oo.pp
        Contact: sip:123@84.124.101.65:42529
            Contact Binding: sip:123@84.124.101.65:42529
                URI: sip:123@84.124.101.65:42529\r
                    SIP contact address: sip:123@84.124.101.65:42529\r
        CSeq: 1 REGISTER
            Sequence Number: 1
            Method: REGISTER
        Call-ID: 3948668237
        Max-Forwards: 70
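
The failed-registration lines above are what a log-based blocker such as fail2ban keys on. As an added example (not part of the original post and not fail2ban's own code), this Python counts failures per source address in a sliding window; the names find_offenders, max_retry and find_time and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# chan_sip NOTICE format as shown in the log excerpt above. The From value comes
# from the request itself, so the first group is greedy and the pattern is
# anchored at end of line: the address is read from the part Asterisk wrote.
FAILED_REG = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<sender>.*)' failed for '(?P<ip>[^']+)' - (?P<reason>.+)$"
)

def find_offenders(lines, max_retry=5, find_time=timedelta(minutes=10)):
    """Return {ip: time at which ip first reached max_retry failures within
    find_time}. Assumes chronological input; non-matching lines are skipped."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    offenders = {}
    for line in lines:
        m = FAILED_REG.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:  # expire failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            offenders.setdefault(m["ip"], ts)
    return offenders

# Constructed sample in the same format (documentation addresses, not real hosts).
SAMPLE_LOG = """\
[2010-11-14 07:05:40] NOTICE[6576] chan_sip.c: Registration from '"1001"<sip:1001@pbx.example>' failed for '198.51.100.7' - No matching peer found
[2010-11-14 07:05:40] NOTICE[6576] chan_sip.c: Registration from '"1002"<sip:1002@pbx.example>' failed for '198.51.100.7' - No matching peer found
[2010-11-14 07:05:47] NOTICE[6576] chan_sip.c: Registration from '"1001" <sip:1001@pbx.example>' failed for '198.51.100.7' - No matching peer found
[2010-11-14 07:05:50] NOTICE[6576] chan_sip.c: Registration from '"2001" <sip:2001@pbx.example>' failed for '203.0.113.20' - Wrong password
[2010-11-14 07:06:13] NOTICE[6576] chan_sip.c: Registration from '"1001" <sip:1001@pbx.example>' failed for '198.51.100.7' - No matching peer found
[2010-11-14 07:06:13] NOTICE[6576] chan_sip.c: Registration from '"1001" <sip:1001@pbx.example>' failed for '198.51.100.7' - No matching peer found
[2010-11-14 07:06:13] NOTICE[6576] chan_sip.c: Registration from '"1001" <sip:1001@pbx.example>' failed for '198.51.100.7' - No matching peer found
[2010-11-14 07:30:00] NOTICE[6576] chan_sip.c: Registration from '"2001" <sip:2001@pbx.example>' failed for '203.0.113.20' - Wrong password
"""

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} reached the failure threshold at {when}")
```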


Koos van den Hout, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.