[OT] To people with VoIP SIP Clients (twinkle, etc), friendly-scanner DOS attack
Mike Wright
mike.wright at mailinator.com
Fri Oct 15 15:29:35 UTC 2010
Patrick Lists wrote:
> On 10/15/2010 12:56 AM, Rick Sewill wrote:
> [snip]
>>> Would you mind sharing which networks your attacks came from?
>>>
>> I hesitate to answer, but will.
>>
>> The people who own 67.222.1.124 and 184.106.213.202
>> were very cooperative and interested.
>>
>> The Chinese IP address was 218.14.146.200.
>> I could connect to 218.14.146.200 port 80 and saw,
>> what I thought, was a Chinese job website...I don't know Chinese.
>> I apologize if the website is not Chinese.
>>
>> The attack packets had a user agent name of friendly-scanner.
>>
>> I assumed it was a version of something found at
>> http://blog.sipvicious.org/
>>
>> I assume it was looking for an asterisk server.
>>
>> Unfortunately, my twinkle client decided to reply.
>> I tried looking for a twinkle configuration option to tell twinkle to
>> just ignore REGISTER requests, to no avail.
>
> It seems to be sipvicious although headers can be forged. The site looks
> Chinese to my untrained eyes too. I searched on the Twinkle website but
> couldn't find a way to ignore register requests. I don't know if other
> clients also respond to register requests so can't recommend any
> alternatives.
>
Bottom of the website says, in English, "China Telecom".
:m)
More information about the users
mailing list