Asterisk in the wild
Feb 01, 2013 at 06:31 PM

Dear momentary owner of, you might want to increase your efforts at brute-forcing my Asterisk installation a bit. Simply running plain SIP registrations will not do the job; you're only wasting my bandwidth. Speaking for my particular VoIP setup, this is about the least elegant/efficient way to achieve further privileges.

The red line is proportional to the number of blocked harmful SIP registration attempts. Yes, the kiddie even keeps/kept his IP address for more than a healthy period of time now, so even an automated, connect-rate-triggered pf rule did the job quite satisfactorily. I'd say that is so stupid it's worth mentioning, and I just have to ask: how old are you?
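A connect-rate-triggered pf rule of the kind mentioned above could look like the following. This is an added example, not the ruleset used on this system; the interface name, the table name `sip_abuse`, the thresholds and the assumption that SIP is reachable over TCP on port 5060 are all illustrative.

```conf
# Added example: rate-triggered blocking of SIP sources with pf.
# Assumptions: external interface em0, SIP on port 5060, constructed thresholds.
ext_if = "em0"

# Offenders are collected here; "persist" keeps the table when it is empty.
table <sip_abuse> persist

# Anything already in the table is dropped before other rules are evaluated.
block drop in quick on $ext_if from <sip_abuse>

# SIP over TCP: max-src-conn and max-src-conn-rate only count TCP connections
# that completed the 3-way handshake, so the source address is not spoofed.
# A source exceeding 20 concurrent connections or 10 new connections per
# 60 seconds is added to <sip_abuse>, and "flush global" kills all of its
# existing states, not just the ones created by this rule.
pass in on $ext_if proto tcp from any to ($ext_if) port 5060 \
    flags S/SA keep state \
    (max-src-conn 20, max-src-conn-rate 10/60, \
     overload <sip_abuse> flush global)

# SIP over UDP: "overload" is not available because there is no handshake
# and the source address can be forged. Per-source state limits still cap
# how many states a single address can hold under this rule.
pass in on $ext_if proto udp from any to ($ext_if) port 5060 \
    keep state (source-track rule, max-src-states 20)
```

Table entries do not age out on their own; running `pfctl -t sip_abuse -T expire 86400` from cron removes addresses that were added more than a day ago.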

This is again one of the caveats with IP network structures. While it's trivial at best to discard packets with certain attributes with any packet filter these days, once the packet is on its way, there's no way to stop it, or even reallocate the bandwidth to useful things. And yes, I could write an abuse complaint, but why should I care? It doesn't change a bit and this system (btw. just one more hacked CentOS) won't be up very long anyway.

And by the way, the current whois output refers to a BSB Service GmbH. We'll see how well they can control their network by looking at the area below the red line while the hacked system keeps sending packets:

organisation:   ORG-BSBS1-RIPE
org-name:       B S B - Service GmbH
org-type:       OTHER
descr:          Internet-Hoster
remarks:        BSB Service GmbH is part of intergenia AG
address:        Daimlerstr.9-11
address:        50354 Huerth
address:        Germany
phone:          +49 2233 612-0
fax-no:         +49 2233 612-144
admin-c:        NPA10-RIPE
tech-c:         NPA10-RIPE
mnt-ref:        INTERGENIA-MNT