http://www.usken.no/2010/02/sip-scanning-causes-ddos-on-ip-1-1-1-1/ VoIP news for VoIP people! Mon, 06 Sep 2010 11:10:08 +0000 http://wordpress.org/?v=2.9.1 hourly 1 http://www.usken.no/2010/02/sip-scanning-causes-ddos-on-ip-1-1-1-1/comment-page-1/#comment-289 sjur Wed, 10 Feb 2010 19:09:37 +0000 http://www.usken.no/?p=331#comment-289 I saw 209.239.120.27 (SERVER4YOU) hit on the 31sth of January. They are probably scanning the whole IPv4 spectrum... not the others... So if you have not secured your IP PBX now, there is no hiding... I saw 209.239.120.27 (SERVER4YOU) hit on the 31sth of January. They are probably scanning the whole IPv4 spectrum… not the others… So if you have not secured your IP PBX now, there is no hiding…

]]> http://www.usken.no/2010/02/sip-scanning-causes-ddos-on-ip-1-1-1-1/comment-page-1/#comment-288 Coward Anonymously Wed, 10 Feb 2010 18:45:48 +0000 http://www.usken.no/?p=331#comment-288 I scanned all my netflows from March 2008 to present and found that on Feb 2nd and Feb 3rd 2010, my net was hit repeatedly on from 75.101.219.28 (Amazon-AES). AFAIK, no one was running a SIP server on my net, so I didn't see any spray to 1.1.1.1. 209.239.120.27 (SERVER4YOU) hit my net on Jan 30 2010. 122.146.174.3 (NCIC-TW New Century InfoComm Tech Co., Ltd.) hit once on Jan 20th. All other hits are over a year old. I scanned all my netflows from March 2008 to present and found that on Feb 2nd and Feb 3rd 2010, my net was hit repeatedly on from 75.101.219.28 (Amazon-AES). AFAIK, no one was running a SIP server on my net, so I didn’t see any spray to 1.1.1.1.
209.239.120.27 (SERVER4YOU) hit my net on Jan 30 2010. 122.146.174.3 (NCIC-TW New Century InfoComm Tech Co., Ltd.) hit once on Jan 20th. All other hits are over a year old.

]]>