You're right, I already had such cases in the past, mostly Sierra Leone or Romania calls, but the abuser was originating from Russia in most cases, seldom from Korea. The scanner was always one machine doing brute force, but a few weeks ago this changed: only a few requests, which do not trigger the detection logic for such attacks, from several hosts. Nothing harmful at the moment, but if it is a bot network doing this with thousands of drones, how to detect and protect? When the password of an account is cracked, why could the same botnet not be used to make calls? That would be a horror scenario, of course. I fear we are going to have to expect that very soon.
Roger
On 23 Jul 2011 at 21:38, Andreas Fink wrote:
Those are scans to find open SIP gateways and then abuse them to dial expensive destinations like Cuba. Those are large-scale fraud attempts.
On Jul 23, 2011, at 8:20 PM, roger@mgz.ch wrote:
Hi all, more and more I am getting SIP scans from dynamic IPs from most Swiss DSL and cable providers. The strange thing is they try at least twice and then stop; a few seconds later, in most cases, 2 requests come from another connection. Is that some kind of trojan which has gone wild? Does anyone have an idea?
Roger
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
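On the question raised in the thread of how to detect scans spread over many hosts that each stay below a per-host threshold, here is an added example (not part of the original messages) that correlates authentication failures per targeted account instead of per source. The log format, thresholds, account numbers and addresses are constructed assumptions, not the output of any particular SIP server.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

PER_HOST_LIMIT = 10             # assumed threshold of the existing per-source rule
MIN_SOURCES = 4                 # assumed: this many quiet sources on one account is suspicious
WINDOW = timedelta(minutes=10)  # assumed correlation window

def parse(line):
    """Constructed format: '<iso-time> <source-ip> <account> <auth-fail|ok>'."""
    ts, src, account, result = line.split()
    return datetime.fromisoformat(ts), src, account, result

def distributed_guessing(lines):
    """Map account -> sources that each stay under the per-host limit but
    together hit the same account from MIN_SOURCES or more addresses."""
    failures = defaultdict(list)
    for line in lines:
        ts, src, account, result = parse(line)
        if result == "auth-fail":
            failures[account].append((ts, src))
    alerts = {}
    for account, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1      # shrink the window from the left
            counts = Counter(src for _, src in events[start:end + 1])
            quiet = {s for s, n in counts.items() if n < PER_HOST_LIMIT}
            if len(quiet) >= MIN_SOURCES:
                alerts.setdefault(account, set()).update(quiet)
    return {acct: sorted(srcs) for acct, srcs in alerts.items()}

def sample_log():
    """Constructed data: five hosts try account 1001 twice each, one host
    hammers 3003, and one user mistypes a password on 2002."""
    t0 = datetime(2011, 7, 23, 20, 20)
    rows = []
    for i in range(5):
        for j in range(2):
            rows.append((t0 + timedelta(seconds=40 * i + j), f"198.51.100.{i + 1}", "1001"))
    rows += [(t0 + timedelta(seconds=k), "203.0.113.9", "3003") for k in range(12)]
    rows.append((t0 + timedelta(minutes=3), "192.0.2.50", "2002"))
    return [f"{ts.isoformat()} {src} {acct} auth-fail" for ts, src, acct in rows]

if __name__ == "__main__":
    for account, sources in distributed_guessing(sample_log()).items():
        print(account, len(sources), "sources:", ", ".join(sources))
```

The single noisy host on 3003 is left to the existing per-source rule; only the account hit by several quiet sources inside the window is reported.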