Jump to content

anyone else noticing widespread sip attacks?


Recommended Posts

We have a system that is being attacked by a big number of IP's all around the world. (100's of ip's)

Anyone else seeing this type of attack?




We have seens the following addresses over the past few weeks: (a lot)

Link to comment
Share on other sites

here is our list in the last day:

Link to comment
Share on other sites

Our research is indicating:


-a SIP brute force Botnet appears to in operation

-It is not a massive botnet, perhaps several hundred bots worldwide (our estimation)

-very few bots in the USA

-user agent = "Asterisk PBX"


If there is anything else that would help anyone, let me know.





As you know Matt, I am currently tracking the same thing. we are seeing hundreds of hits per day. There has to be a setting in the PBX to block them permanently. I saw one today that got an extension on the second try. Good think I have secure passwords!



Link to comment
Share on other sites

  • 3 weeks later...

We use a honeypot application at various IP's throughout our network to find scanners. most scanners first send an OPTION message to see if your SIP port is open. our honeypot detects this and processes a block to our core router.

This has been very effective at stopping unwanted traffic before it becomes an outage issue.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...