voip.ms has pop's in almost a dozen US/CANADA cities. It depends on where you register and/or have DID's intentionally pointed.
On Fri, Jan 20, 2012 at 1:33 PM, [email protected] <[email protected]> wrote: > Weird, it's just a voip.ms IP. That IP is supposed to be a Chicago location > but it resolves to India. > I thought voip.ms was a Canadian company but guess the roots run deep. > > > > > > On Fri, 20 Jan 2012 12:12:52 -0600, [email protected] wrote: >> This morning, I noticed the following on a pfsense firewall. >> >> udp I 192.168.1.241:5080 64.120.22.242:5060 2:2 1212 50 80 >> 13505 >> udp O 192.168.1.241:5080 64.120.22.242:5060 2:2 1212 50 80 >> 13505 >> >> This resolves to the city of Ujjain in India and we don't have anyone in >> India that should be using the system. >> >> I did a quick tcpdump to see more and got the following; >> >> [root@sx ~]# tcpdump dst 64.120.22.242 >> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode >> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes >> 12:04:33.405982 IP 192.168.1.241.5080 > >> 64.120.22.242.ubiquityservers.com.sip: SIP, length: 4 >> 12:04:53.406059 IP 192.168.1.241.5080 > >> 64.120.22.242.ubiquityservers.com.sip: SIP, length: 4 >> 12:05:13.477918 IP 192.168.1.241.5080 > >> 64.120.22.242.ubiquityservers.com.sip: SIP, length: 4 >> 12:05:33.409619 IP 192.168.1.241.5080 > >> 64.120.22.242.ubiquityservers.com.sip: SIP, length: 4 >> 12:05:53.413251 IP 192.168.1.241.5080 > >> 64.120.22.242.ubiquityservers.com.sip: SIP, length: 4 >> 12:06:03.398949 IP 192.168.1.241.5080 > >> 64.120.22.242.ubiquityservers.com.sip: SIP, length: 564 >> 12:06:03.444194 IP 192.168.1.241.5080 > >> 64.120.22.242.ubiquityservers.com.sip: SIP, length: 730 >> 12:06:13.414199 IP 192.168.1.241.5080 > >> 64.120.22.242.ubiquityservers.com.sip: SIP, length: 4 >> 12:06:33.416681 IP 192.168.1.241.5080 > >> 64.120.22.242.ubiquityservers.com.sip: SIP, length: 4 >> 12:06:53.417878 IP 192.168.1.241.5080 > >> 64.120.22.242.ubiquityservers.com.sip: SIP, length: 4 >> >> Seems to be sitting idle for the most part, connecting out to that network. >> I thought I'd ask on the list in case this is a sipx function but I highly >> doubt it. I don't see any strange outgoing calls or anything out of the >> ordinary either which makes this even weirder. >> >> Does this look like a hack or something else? >> >> _______________________________________________ >> sipx-users mailing list >> [email protected] >> List Archive: http://list.sipfoundry.org/archive/sipx-users/ > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.465.6833 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Helpdesk Customers: http://myhelp.myitdepartment.net Blog: http://blog.myitdepartment.net Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 Ask about our Internet Fax services! _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
