Is it a SIP Recon scan or something else
It seems that there have been some reports of calls on SIP devices over the last couple of days with a caller ID of "John Doe <4000>".
According to an article on freePBX.org's blog site:
"This does seem to be a world first - It's someone, or something, actively scanning the entire internet for misconfigured SIP devices."
Is someone or something testing for a hole, or are they checking for systems that are vulnerable to some exploit? According to the article, SIP uses port 5060. A quick look at the DShield report for port 5060 (Dshield.org) shows that there has been some activity on this port, but nothing significant. It will be interesting to see just how widespread this is. If you are using a SIP device and have seen this activity on your system, let us know. If you have any thoughts or ideas regarding this activity, tell us about it.
Thanks to Babak for sending us this information.
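One way to check your own SIP traffic for the caller ID described above, as an added example that is not part of the original diary: it parses the From header of each INVITE and counts matches per source address. The sample messages, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Caller ID reported in the diary: "John Doe <4000>".
WATCH_NAME, WATCH_USER = "john doe", "4000"

FROM_RE = re.compile(
    r'^(?:From|f)[ \t]*:[ \t]*(?:"(?P<quoted>[^"]*)"|(?P<token>[^<"\r\n]*?))'
    r'[ \t]*<sips?:(?P<user>[^@;>\s]+)@',
    re.IGNORECASE | re.MULTILINE,
)

def caller_id(message):
    """Return (display_name, user) from the From header, or None."""
    m = FROM_RE.search(message)
    if not m:
        return None
    name = m.group("quoted") if m.group("quoted") is not None else m.group("token")
    return name.strip(), m.group("user")

def is_suspect_call(message):
    """True for an INVITE whose caller ID matches the reported one."""
    if not message.startswith("INVITE "):
        return False
    cid = caller_id(message)
    return cid is not None and (cid[0].lower(), cid[1]) == (WATCH_NAME, WATCH_USER)

def suspects_by_source(packets):
    """Count matching INVITEs per source IP from (src_ip, message) pairs."""
    return Counter(src for src, msg in packets if is_suspect_call(msg))

def _msg(method, from_value, target="sip:100@pbx.example.net"):
    # Minimal constructed SIP request used only for the sample data.
    return (f"{method} {target} SIP/2.0\r\nVia: SIP/2.0/UDP 192.0.2.1:5060\r\n"
            f"From: {from_value};tag=1\r\nTo: <{target}>\r\n"
            f"Call-ID: x\r\nCSeq: 1 {method}\r\n\r\n")

# Constructed sample traffic (documentation addresses, not real captures).
SAMPLE = [
    ("203.0.113.5", _msg("INVITE", '"John Doe" <sip:4000@203.0.113.5>')),
    ("203.0.113.5", _msg("INVITE", 'John Doe <sip:4000@203.0.113.5>')),
    ("198.51.100.9", _msg("INVITE", '"Alice" <sip:1001@pbx.example.net>')),
    ("198.51.100.9", _msg("OPTIONS", '"John Doe" <sip:4000@198.51.100.9>')),
    ("192.0.2.77", _msg("INVITE", '<sip:4000@192.0.2.77>')),
]

if __name__ == "__main__":
    for src, count in suspects_by_source(SAMPLE).most_common():
        print(f"{src}\t{count} INVITE(s) with caller ID John Doe <4000>")
```

Only INVITE requests are counted because the reports concern calls; a source that repeats the same caller ID against many extensions is the pattern worth a closer look.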
Handlers in Vegas - Slow Diary Day
It has really been a slow news day and many of our Handlers are in Vegas at the SANS conference. Hmm, makes you wonder if there is a connection. Anyway, we can't wait to get a report back from those attending as to the fun and frivolities that they have encountered.
In light of the slow diary day, I want to take this opportunity to write about the SANS Reading Room.
SANS Reading Room
If you haven't taken a look at the information in the Reading Room yet, you will be surprised at what you have missed. There is a wealth of information and lots of valuable resources on a number of topics of interest to anyone in the Computer Security/Information Security field. There is also a great deal of information to help you learn more about how to secure your networks.
New information and articles are added regularly, so you will want to check back often to see what new information is available.