Re: [asterisk-users] Attempts to hack Asterisk - What do these lines means
In another email I've just responded to, it might pay to consider http://www.emergingthreats.net/index.php/rules-mainmenu-38.html Alec Davis _ From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of bruce bruce Sent: Sunday, 3 October 2010 7:59 a.m. To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [asterisk-users] Attempts to hack Asterisk - What do these lines means Hi Everyone, Like always, here are IPs from China that try to hack an Asterisk server. Can someone please explain what is happening or what the hacker is trying to reach: 02/10/2010 11:10 SIP/113.105.152.51-00fb sip "sip" s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00fe sip "sip" s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00fc sip "sip" s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00fd sip "sip" s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00ff sip "sip" s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-0100 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0101 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0102 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0103 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0104 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0105 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0106 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0107 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0108 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0109 sip "sip" s ANSWERED 13 Thanks -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Attempts to hack Asterisk - What do these lines means
Seems like anonymous SIP calls which end up in from-sip-external context with a dead end. This is usually how hackers start their hack attempts. Zeeshan A Zakaria -- www.ilovetovoip.com On 2010-10-02 3:05 PM, "bruce bruce" wrote: Hi Everyone, Like always, here are IPs from China that try to hack an Asterisk server. Can someone please explain what is happening or what the hacker is trying to reach: 02/10/2010 11:10 SIP/113.105.152.51-00fb sip "sip" s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00fe sip "sip" s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00fc sip "sip" s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00fd sip "sip" s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00ff sip "sip" s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-0100 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0101 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0102 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0103 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0104 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0105 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0106 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0107 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0108 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0109 sip "sip" s ANSWERED 13 Thanks -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Attempts to hack Asterisk - What do these lines means
Hi Everyone, Like always, here are IPs from China that try to hack an Asterisk server. Can someone please explain what is happening or what the hacker is trying to reach: 02/10/2010 11:10 SIP/113.105.152.51-00fb sip "sip" s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00fe sip "sip" s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00fc sip "sip" s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00fd sip "sip" s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00ff sip "sip" s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-0100 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0101 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0102 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0103 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0104 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0105 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0106 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0107 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0108 sip "sip" s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0109 sip "sip" s ANSWERED 13 Thanks -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users