24 Jul
2011
24 Jul
'11
2:34 p.m.
your right i allready was having such cases in the past, most sirea leone or romania
calls,
but the abuser was originating from russia in most cases seldom from korea.
The scanner was allways one machine which doing bruteforce
but since a few weeks this changed, only a few request which do not trigger the detection
logic of such attacks from several hosts. Nothing harmfull at the moment .. but if it a
bot
network doing this whis thousands of drones .. how to detect and protect ?
When the password of an account is cracked, why could not the same botnet be used to
make calls ?
That would be an horrorscenario of course
I fear we going in to expect that very soon.
Roger
On 23 Jul 2011 at 21:38, Andreas Fink wrote:
those are scans to find open SIP gateways to then
abuse them to dial to expensive destinations like Cuba.
Those are large scale fraud attempts.
On Jul 23, 2011, at 8:20 PM, roger(a)mgz.ch wrote:
hi all,
more and more i getting sipscans from dynamic ips from most swiss dsl and cable provider
the strange thing is they try at least twice .. and then stop
a few seconds later in most cases come 2 request from another connection.
is that some kind of trojan which is gone wild ?
anyone has some idea ?
Roger
_______________________________________________
swinog mailing list
swinog(a)lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
24 Jul
24 Jul
2:50 p.m.
New subject: sip scanner
Hello Roger,
this is not coming up soon, it is already happening. I once was victim
of such a fraud whereas they managed to go into my sip provider on the
end, I still have no clue if they broke into trixbox at that time or
bruteforced.
anyway, I ended up only allowing VOIP over VPN. Since then, silence. I
guess that is the only useable countermeasure.
I have the strong feeling, some of the "internet cafes" in foreign
countries that offer "cheap internet calls" to call back home when on
holiday are part of this whole fraudster scene.
Silvan
Silvan
On 24.07.2011 14:34, roger(a)mgz.ch wrote:
your right i allready was having such cases in the
past, most sirea leone or romania calls,
but the abuser was originating from russia in most cases seldom from korea.
The scanner was allways one machine which doing bruteforce
but since a few weeks this changed, only a few request which do not trigger the
detection
logic of such attacks from several hosts. Nothing harmfull at the moment .. but if it a
bot
network doing this whis thousands of drones .. how to detect and protect ?
When the password of an account is cracked, why could not the same botnet be used to
make calls ?
That would be an horrorscenario of course
I fear we going in to expect that very soon.
Roger
On 23 Jul 2011 at 21:38, Andreas Fink wrote:
those are scans to find open SIP gateways to then
abuse them to dial to expensive destinations like Cuba.
Those are large scale fraud attempts.
On Jul 23, 2011, at 8:20 PM, roger(a)mgz.ch wrote:
_______________________________________________
swinog mailing list
swinog(a)lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
hi all,
more and more i getting sipscans from dynamic ips from most swiss dsl and cable provider
the strange thing is they try at least twice .. and then stop
a few seconds later in most cases come 2 request from another connection.
is that some kind of trojan which is gone wild ?
anyone has some idea ?
Roger
_______________________________________________
swinog mailing list
swinog(a)lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
4328
days inactive
4328
days old
1 comments
2 participants
participants (2)
-
roger@mgz.ch -
Silvan Gebhardt