[Callweaver-users] Brute force hacking tentative

[Harold G. Polet]

Hello,

While checking the message log from callweaver I noticed about 250 000  
registrations failure from hackers.

They usually try to register extensions from 0 to 9999 and a list of  
common names and departments.
Once they found valid extensions they try brute force password method.
They send more or less 35 requests per second.

Best regards,
Harold

Those ip's have done extensions guess :
85.214.69.155
212.95.47.154
77.81.133.217
208.94.244.75
201.238.222.83
204.236.173.58
72.20.6.198
174.129.48.195
78.41.97.68
213.165.91.132
125.210.200.164
204.236.159.154
174.36.237.83
194.44.244.187
88.103.219.182
201.90.135.110
200.110.68.228
213.180.95.219

Those ip's have done extensions guess and password brute force :
174.36.237.83
88.103.219.182

Typical attack look like this :
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from  
'"operator"<sip:opera...@85.27.12.150>' failed for '208.94.244.75' -  
Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from  
'"asterisk"<sip:aster...@85.27.12.150>' failed for '208.94.244.75' -  
Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"122"<sip:1...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"123"<sip:1...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"oracle"<sip:ora...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"temp"<sip:t...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"124"<sip:1...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"125"<sip:1...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"jobs"<sip:j...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"shop"<sip:s...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"126"<sip:1...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"127"<sip:1...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"help"<sip:h...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"128"<sip:1...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"orders"<sip:ord...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"129"<sip:1...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"aaron"<sip:aa...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"steve"<sip:st...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"130"<sip:1...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"131"<sip:1...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"dave"<sip:d...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from 
'"paul"<sip:p...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch

and :
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"393"<sip:3...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"394"<sip:3...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"395"<sip:3...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"396"<sip:3...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"397"<sip:3...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"398"<sip:3...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"399"<sip:3...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"400"<sip:4...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"401"<sip:4...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"402"<sip:4...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"403"<sip:4...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"404"<sip:4...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"405"<sip:4...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"406"<sip:4...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"407"<sip:4...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from 
'"408"<sip:4...@85.27.12.150 
 >' failed for '208.94.244.75' - Username/auth name mismatch

Brute force :
Apr 29 08:33:18 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:18 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:18 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:18 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:18 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:18 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" 
<sip:1...@192.168.1.98 
 >' failed for '174.36.237.83' - Wrong password

_______________________________________________
Callweaver-users mailing list
Callweaver-users@callweaver.org
http://lists.callweaver.org/mailman/listinfo/callweaver-users