bruce bruce
2010-Oct-02 18:59 UTC
[asterisk-users] Attempts to hack Asterisk - What do these lines means
Hi Everyone, Like always, here are IPs from China that try to hack an Asterisk server. Can someone please explain what is happening or what the hacker is trying to reach: 02/10/2010 11:10 SIP/113.105.152.51-000000fb sip "sip" <sip> s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-000000fe sip "sip" <sip> s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-000000fc sip "sip" <sip> s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-000000fd sip "sip" <sip> s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-000000ff sip "sip" <sip> s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00000100 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000101 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000102 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000103 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000104 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000105 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000106 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000107 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000108 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000109 sip "sip" <sip> s ANSWERED 13 Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101002/9d754206/attachment.htm
Zeeshan Zakaria
2010-Oct-02 19:25 UTC
[asterisk-users] Attempts to hack Asterisk - What do these lines means
Seems like anonymous SIP calls which end up in from-sip-external context
with a dead end. This is usually how hackers start their hack attempts.
Zeeshan A Zakaria
--
www.ilovetovoip.com
On 2010-10-02 3:05 PM, "bruce bruce" <bruceb444 at gmail.com>
wrote:
Hi Everyone,
Like always, here are IPs from China that try to hack an Asterisk server.
Can someone please explain what is happening or what the hacker is trying to
reach:
02/10/2010 11:10 SIP/113.105.152.51-000000fb sip "sip" <sip> s
ANSWERED 13
02/10/2010 11:10 SIP/113.105.152.51-000000fe sip "sip" <sip> s
ANSWERED 13
02/10/2010 11:10 SIP/113.105.152.51-000000fc sip "sip" <sip> s
ANSWERED 13
02/10/2010 11:10 SIP/113.105.152.51-000000fd sip "sip" <sip> s
ANSWERED 13
02/10/2010 11:10 SIP/113.105.152.51-000000ff sip "sip" <sip> s
ANSWERED 13
02/10/2010 11:10 SIP/113.105.152.51-00000100 sip "sip" <sip> s
ANSWERED 13
02/10/2010 11:17 SIP/222.73.204.198-00000101 sip "sip" <sip> s
ANSWERED 13
02/10/2010 11:17 SIP/222.73.204.198-00000102 sip "sip" <sip> s
ANSWERED 13
02/10/2010 11:17 SIP/222.73.204.198-00000103 sip "sip" <sip> s
ANSWERED 13
02/10/2010 11:17 SIP/222.73.204.198-00000104 sip "sip" <sip> s
ANSWERED 13
02/10/2010 11:17 SIP/222.73.204.198-00000105 sip "sip" <sip> s
ANSWERED 13
02/10/2010 11:17 SIP/222.73.204.198-00000106 sip "sip" <sip> s
ANSWERED 13
02/10/2010 11:17 SIP/222.73.204.198-00000107 sip "sip" <sip> s
ANSWERED 13
02/10/2010 11:17 SIP/222.73.204.198-00000108 sip "sip" <sip> s
ANSWERED 13
02/10/2010 11:17 SIP/222.73.204.198-00000109 sip "sip" <sip> s
ANSWERED 13
Thanks
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20101002/1dda3dae/attachment.htm
Alec Davis
2010-Oct-03 20:53 UTC
[asterisk-users] Attempts to hack Asterisk - What do these lines means
In another email I've just responded to, it might pay to consider http://www.emergingthreats.net/index.php/rules-mainmenu-38.html Alec Davis _____ From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of bruce bruce Sent: Sunday, 3 October 2010 7:59 a.m. To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [asterisk-users] Attempts to hack Asterisk - What do these lines means Hi Everyone, Like always, here are IPs from China that try to hack an Asterisk server. Can someone please explain what is happening or what the hacker is trying to reach: 02/10/2010 11:10 SIP/113.105.152.51-000000fb sip "sip" <sip> s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-000000fe sip "sip" <sip> s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-000000fc sip "sip" <sip> s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-000000fd sip "sip" <sip> s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-000000ff sip "sip" <sip> s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00000100 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000101 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000102 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000103 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000104 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000105 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000106 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000107 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000108 sip "sip" <sip> s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-00000109 sip "sip" <sip> s ANSWERED 13 Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101004/1b7b6729/attachment.htm