Internet Storm Center
Training
Certification
Cyber Security Graduate School
Security Awareness Training
Computer Forensics
Penetration Testing
IT Audit
Software Security
Is it a SIP Recon scan or something else
Published: 2006-10-07,
Last Updated: 2006-10-07 21:01:48 UTC
by Deborah Hale (Version: 1)
Last Updated: 2006-10-07 21:01:48 UTC
by Deborah Hale (Version: 1)
It seems that there have been some reports of calls on SIP devices over the last couple of days
with a caller ID of ‘John Doe <4000>‘.
According to an article on freePBX.org's blog site FreePBX :
"This does seem to be a world first - It’s someone, or something, actively scanning the entire internet for misconfigured SIP devices."
Is someone or something testing for a hole or are they checking for systems that are vulnerable to some exploit? According to article SIP uses port 5060. A quick look at the DShield report for port 5060 Dshield.org there has been some activity on this port but nothing significant. It will be interesting to see just how wide spread this is. If you are using an SIP device and have seen this activity on your system let us know. If you have any thoughts or ideas regarding this activity tell us about it.
Thanks to Babak for sending us this information.
According to an article on freePBX.org's blog site FreePBX :
"This does seem to be a world first - It’s someone, or something, actively scanning the entire internet for misconfigured SIP devices."
Is someone or something testing for a hole or are they checking for systems that are vulnerable to some exploit? According to article SIP uses port 5060. A quick look at the DShield report for port 5060 Dshield.org there has been some activity on this port but nothing significant. It will be interesting to see just how wide spread this is. If you are using an SIP device and have seen this activity on your system let us know. If you have any thoughts or ideas regarding this activity tell us about it.
Thanks to Babak for sending us this information.
Keywords:
0 comment(s)Handlers in Vegas - Slow Diary Day
Published: 2006-10-07,
Last Updated: 2006-10-07 20:39:55 UTC
by Deborah Hale (Version: 1)
Last Updated: 2006-10-07 20:39:55 UTC
by Deborah Hale (Version: 1)
It has really been a slow news day and many of our Handlers are in Vegas at the SANS conference. Humm, makes you wonder if there is a connection. Anyway we can't wait to get a report back from those attending as to the fun and frivolities that they have encountered.
In light of the slow diary day, I want to take this opportunity to write about the SANS Reading Room.
SANS Reading Room
If you haven't taken a look at the information in the Reading Room yet you will be surprised at what you have missed. There is a wealth of information and lots of valuable resources on a number of topics of interest to anyone in the Computer Security/Information Security field. There is also a great deal of information to help you learn more about how to secure your networks.
New information and articles are added regularly so you will want to check back often to see what new information is available.
In light of the slow diary day, I want to take this opportunity to write about the SANS Reading Room.
SANS Reading Room
If you haven't taken a look at the information in the Reading Room yet you will be surprised at what you have missed. There is a wealth of information and lots of valuable resources on a number of topics of interest to anyone in the Computer Security/Information Security field. There is also a great deal of information to help you learn more about how to secure your networks.
New information and articles are added regularly so you will want to check back often to see what new information is available.
Keywords:
0 comment(s)Comments
Please choose a specific diary above to comment
Diary Archives
