Re: [OT] To people with VoIP SIP Clients (twinkle, etc), friendly-scanner DOS attack



Patrick Lists wrote:
On 10/15/2010 12:56 AM, Rick Sewill wrote:
[snip]
Would you mind sharing which networks your attacks came from?

I hesitate to answer, but will.

The people who own 67.222.1.124 and 184.106.213.202
were very cooperative and interested.

The Chinese IP address was 218.14.146.200.
I could connect to 218.14.146.200 port 80 and saw what
I thought was a Chinese job website... I don't know Chinese.
I apologize if the website is not Chinese.

The attack packets had a user agent name of friendly-scanner.

I assumed it was a version of something found at
http://blog.sipvicious.org/

I assume it was looking for an Asterisk server.

Unfortunately, my twinkle client decided to reply.
I tried looking for a twinkle configuration option to tell twinkle to
just ignore REGISTER requests, to no avail.

It seems to be sipvicious although headers can be forged. The site looks
Chinese to my untrained eyes too. I searched on the Twinkle website but
couldn't find a way to ignore register requests. I don't know if other
clients also respond to register requests so can't recommend any
alternatives.


Bottom of the website says, in English, "China Telecom".

:m)
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
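
Added example, not part of the original posts: a small Python check over captured SIP messages that flags the two indicators discussed in the thread, the friendly-scanner User-Agent and REGISTER requests arriving at a client. Because headers can be forged, the REGISTER rule does not depend on the User-Agent. The function names, the "Acme Phone" agent and the sample packets (documentation addresses) are constructed for illustration.

```python
import re
from collections import defaultdict
# A softphone is a user agent, not a registrar: it has no reason to receive these.
UNEXPECTED_FOR_CLIENT = {"REGISTER"}
SCANNER_AGENTS = ("friendly-scanner",)  # User-Agent value reported in the thread
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")

def parse_sip_request(raw):
    """Return (method, headers) for a SIP request, or None if it is not one."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    m = REQUEST_LINE.match(lines[0].strip())
    if not m:
        return None  # a SIP response or unrelated data
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return m.group(1), headers

def flag_sources(packets):
    """packets: iterable of (source_ip, raw_message). Returns {ip: set(reasons)}."""
    findings = defaultdict(set)
    for src, raw in packets:
        parsed = parse_sip_request(raw)
        if parsed is None:
            continue
        method, headers = parsed
        agent = headers.get("user-agent", "").lower()
        if any(s in agent for s in SCANNER_AGENTS):
            findings[src].add("scanner-user-agent")
        if method in UNEXPECTED_FOR_CLIENT:
            findings[src].add("register-sent-to-client")
    return dict(findings)

def _msg(method, agent):
    return (f"{method} sip:100@203.0.113.5 SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 192.0.2.1:5060\r\nUser-Agent: {agent}\r\n"
            "Content-Length: 0\r\n\r\n")
# Constructed sample traffic (documentation addresses, not taken from the thread).
SAMPLE = [
    ("192.0.2.10", _msg("REGISTER", "friendly-scanner")),
    ("192.0.2.20", _msg("REGISTER", "Acme Phone 1.0")),  # renamed/forged agent
    ("198.51.100.7", _msg("INVITE", "Acme Phone 1.0")),  # ordinary incoming call
    ("198.51.100.7", "SIP/2.0 200 OK\r\n\r\n"),           # response, ignored
]

if __name__ == "__main__":
    print(flag_sources(SAMPLE))
```

The flagged addresses can then be fed to whatever firewall or rate-limit rule sits in front of the SIP port.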


