Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Buying anything on Amazon? Please use the Geekzone Amazon aff link.




3567 posts

Uber Geek
+1 received by user: 60

Trusted
WorldxChange

Topic # 60027 16-Apr-2010 18:24 Send private message

I have added a couple of comments recently into a couple of threads, one about PABX fraud, and a couple about my soapbox views on proper configuartion and open access devices.

PABX Fraud

VOIP Configuration

Choosing a VOIP provider

One of the main reasons why I am so active and vocal on proper configuration and why WxC has been so focused on structured deployment models is highlighted by something I saw last night and I think it covers off all the topics above so I thought I would share.

What you see below is offshore SIP attack from a well known SIP tool sipvicious, now this attack fails and lasted about 60 seconds, but you will see that it is a pretty intensive attack. If I had a device that wasn't configured properly and allowed unauthorized SIP access, what damage could have been done financially if they were able to bounce calls through my device, this could have a very very bad situation for both me and my Service provider (lucky I have a good one and they have properly configured my Box) imagine not knowing your box was compromised and getting a bill at the end of the month.

One of my biggest concerns is that a lot of people still seem to think that just because you can make a SIP call you can deploy VOIP technology and are quite happy to set and forget, I was dismayed to see someone saying they work in the industry and “test’s” SIP carrier basically saying in one thread that configuration is not really that important….omg…. all I can say is that  I am glad we have better dealers and independent people like Mr Biddle out there that do see and understand the importance and are actively trying to promote good practices ,  Some People don’t seem to like WxC because of our stand and are happy to push people into systems that have no type of config control, what we are actively trying to promote is good deployment and SIP practices to protect customers and make this technology  a success and attempts like below will always fail ,

You really need to be aware as either as a home VOIP user or  integrator that there are people and systems out there day and night trying to hack your systems and you won’t even see it, configuration and security is the number one thing and should not be taken lightly, spending time on configs and understanding SIP / VOIP security is time well spent,  the ramifications of not doing it could be the opposite of what we see below…. A FAILED Sip attack

Apr 16 03:15:25 192.168.15.1 [0]<<109.123.70.28:5061(417)

Apr 16 03:15:25 192.168.15.1 [0]<<109.123.70.28:5061(417)

Apr 16 03:15:25 192.168.15.1 ; tag=3735363862366538313363340133313332373831393631  Accept: application/sdp  User-Agent: friendly-scanner  To: "sipvicious"  Contact: sip:[email protected]:5061  CSeq: 1 OPTIONS  Call-ID: 188295235779146374981723  Max-Forwards: 70   

Apr 16 03:15:26 192.168.15.1 

Apr 16 03:15:26 192.168.15.1 

Apr 16 03:15:26 192.168.15.1 [0]->109.123.70.28:5061(338)

Apr 16 03:15:26 192.168.15.1 [0]->109.123.70.28:5061(338)

Apr 16 03:15:26 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "sipvicious"; tag=3735363862366538313363340133313332373831393631  Call-ID: 188295235779146374981723  CSeq: 1 OPTIONS  Via: SIP/2.0/UDP 109.123.70.28:5061;branch=z9hG4bK-3111396563  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:26 192.168.15.1 

Apr 16 03:15:26 192.168.15.1 

Apr 16 03:15:26 192.168.15.1                 ---- eval_prov_logic 1 ----  19107 --    3822679

Apr 16 03:15:27 192.168.15.1 [0]<<109.123.70.28:5296(431)

Apr 16 03:15:27 192.168.15.1 [0]<<109.123.70.28:5296(431)

Apr 16 03:15:27 192.168.15.1 ; tag=3531303836313738310133313131363231383734  Accept: application/sdp  User-Agent: friendly-scanner  To: "510861781"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 5619575  Max-Forwards: 70   

Apr 16 03:15:27 192.168.15.1 

Apr 16 03:15:27 192.168.15.1 

Apr 16 03:15:27 192.168.15.1 [0]->109.123.70.28:5296(342)

Apr 16 03:15:27 192.168.15.1 [0]->109.123.70.28:5296(342)

Apr 16 03:15:27 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "510861781"; tag=3531303836313738310133313131363231383734  Call-ID: 5619575  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-4098015369  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:28 192.168.15.1 

Apr 16 03:15:28 192.168.15.1 

Apr 16 03:15:28 192.168.15.1 [0]<<109.123.70.28:5296(384)

Apr 16 03:15:28 192.168.15.1 [0]<<109.123.70.28:5296(384)

Apr 16 03:15:28 192.168.15.1 ; tag=3130300133303734373736323033  Accept: application/sdp  User-Agent: friendly-scanner  To: "100"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 576812190  Max-Forwards: 70   

Apr 16 03:15:28 192.168.15.1 

Apr 16 03:15:28 192.168.15.1 

Apr 16 03:15:28 192.168.15.1 [0]->109.123.70.28:5296(307)

Apr 16 03:15:29 192.168.15.1 [0]->109.123.70.28:5296(307)

Apr 16 03:15:29 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "100"; tag=3130300133303734373736323033  Call-ID: 576812190  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-485109811  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:29 192.168.15.1 

Apr 16 03:15:29 192.168.15.1 

Apr 16 03:15:29 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:29 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:29 192.168.15.1 ; tag=3130310131343431313731363832  Accept: application/sdp  User-Agent: friendly-scanner  To: "101"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 2366989531  Max-Forwards: 70   

Apr 16 03:15:30 192.168.15.1 

Apr 16 03:15:30 192.168.15.1 

Apr 16 03:15:30 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:30 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:30 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "101"; tag=3130310131343431313731363832  Call-ID: 2366989531  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-4078127608  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:30 192.168.15.1 

Apr 16 03:15:30 192.168.15.1 

Apr 16 03:15:30 192.168.15.1 [0]<<109.123.70.28:5296(385)

Apr 16 03:15:31 192.168.15.1 [0]<<109.123.70.28:5296(385)

Apr 16 03:15:31 192.168.15.1 ; tag=3130320133383030383834363938  Accept: application/sdp  User-Agent: friendly-scanner  To: "102"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 114004449  Max-Forwards: 70   

Apr 16 03:15:31 192.168.15.1 

Apr 16 03:15:31 192.168.15.1 

Apr 16 03:15:31 192.168.15.1 [0]->109.123.70.28:5296(308)

Apr 16 03:15:31 192.168.15.1 [0]->109.123.70.28:5296(308)

Apr 16 03:15:31 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "102"; tag=3130320133383030383834363938  Call-ID: 114004449  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-3282451145  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:31 192.168.15.1 

Apr 16 03:15:32 192.168.15.1 

Apr 16 03:15:32 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:32 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:32 192.168.15.1 ; tag=3130330133383433353635313735  Accept: application/sdp  User-Agent: friendly-scanner  To: "103"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 3525661050  Max-Forwards: 70   

Apr 16 03:15:32 192.168.15.1 

Apr 16 03:15:32 192.168.15.1 

Apr 16 03:15:32 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:32 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:33 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "103"; tag=3130330133383433353635313735  Call-ID: 3525661050  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-4208986808  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:33 192.168.15.1 

Apr 16 03:15:33 192.168.15.1 

Apr 16 03:15:33 192.168.15.1 [0]<<109.123.70.28:5296(385)

Apr 16 03:15:33 192.168.15.1 [0]<<109.123.70.28:5296(385)

Apr 16 03:15:33 192.168.15.1 ; tag=3130340132383637333838353837  Accept: application/sdp  User-Agent: friendly-scanner  To: "104"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 552572289  Max-Forwards: 70   

Apr 16 03:15:33 192.168.15.1 

Apr 16 03:15:33 192.168.15.1 

Apr 16 03:15:34 192.168.15.1 [0]->109.123.70.28:5296(308)

Apr 16 03:15:34 192.168.15.1 [0]->109.123.70.28:5296(308)

Apr 16 03:15:34 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "104"; tag=3130340132383637333838353837  Call-ID: 552572289  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-1384351159  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:34 192.168.15.1 

Apr 16 03:15:34 192.168.15.1 

Apr 16 03:15:34 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:34 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:35 192.168.15.1 ; tag=3130350133333031323438363530  Accept: application/sdp  User-Agent: friendly-scanner  To: "105"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 3513181537  Max-Forwards: 70   

Apr 16 03:15:35 192.168.15.1 

Apr 16 03:15:35 192.168.15.1 

Apr 16 03:15:35 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:35 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:35 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "105"; tag=3130350133333031323438363530  Call-ID: 3513181537  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-3903782271  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:35 192.168.15.1 

Apr 16 03:15:35 192.168.15.1 

Apr 16 03:15:36 192.168.15.1 [0]<<109.123.70.28:5296(384)

Apr 16 03:15:36 192.168.15.1 [0]<<109.123.70.28:5296(384)

Apr 16 03:15:36 192.168.15.1 ; tag=31303601333132363739343535  Accept: application/sdp  User-Agent: friendly-scanner  To: "106"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 2214423893  Max-Forwards: 70   

Apr 16 03:15:36 192.168.15.1 

Apr 16 03:15:36 192.168.15.1 

Apr 16 03:15:36 192.168.15.1 [0]->109.123.70.28:5296(307)

Apr 16 03:15:36 192.168.15.1 [0]->109.123.70.28:5296(307)

Apr 16 03:15:36 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "106"; tag=31303601333132363739343535  Call-ID: 2214423893  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-3663372868  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:37 192.168.15.1 

Apr 16 03:15:37 192.168.15.1 

Apr 16 03:15:37 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:37 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:37 192.168.15.1 ; tag=3130370131313931303535303638  Accept: application/sdp  User-Agent: friendly-scanner  To: "107"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 1654620911  Max-Forwards: 70   

Apr 16 03:15:37 192.168.15.1 

Apr 16 03:15:37 192.168.15.1 

Apr 16 03:15:37 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:38 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:38 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "107"; tag=3130370131313931303535303638  Call-ID: 1654620911  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-4051676721  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:38 192.168.15.1 

Apr 16 03:15:38 192.168.15.1 

Apr 16 03:15:38 192.168.15.1 [0]<<109.123.70.28:5296(384)

Apr 16 03:15:38 192.168.15.1 [0]<<109.123.70.28:5296(384)

Apr 16 03:15:38 192.168.15.1 ; tag=3130380133373730373532343930  Accept: application/sdp  User-Agent: friendly-scanner  To: "108"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 855089194  Max-Forwards: 70   

Apr 16 03:15:38 192.168.15.1 [0]<<109.123.70.28:5296(385)

Apr 16 03:15:39 192.168.15.1 [0]<<109.123.70.28:5296(384)

Apr 16 03:15:39 192.168.15.1 [0]<<109.123.70.28:5296(383)

Apr 16 03:15:39 192.168.15.1 [0]<<109.123.70.28:5296(383)

Apr 16 03:15:39 192.168.15.1 ; tag=31333401323936393535303735  Accept: application/sdp  User-Agent: friendly-scanner  To: "134"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 2470297832  Max-Forwards: 70   

Apr 16 03:15:39 192.168.15.1 [0]<<109.123.70.28:5296(383)

Apr 16 03:15:39 192.168.15.1 

Apr 16 03:15:39 192.168.15.1 OP ADD OBJ t=6 i=6080 s=92

Apr 16 03:15:40 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:40 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:40 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "168"; tag=3136380133303833343330363335  Call-ID: 2857195534  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-2185416638  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:40 192.168.15.1 [0]<<109.123.70.28:5296(384)

Apr 16 03:15:40 192.168.15.1 [0]<<109.123.70.28:5296(382)

Apr 16 03:15:40 192.168.15.1 [0]<<109.123.70.28:5296(382)

Apr 16 03:15:40 192.168.15.1 ; tag=31383101383533323430343236  Accept: application/sdp  User-Agent: friendly-scanner  To: "181"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 2646991175  Max-Forwards: 70   

Apr 16 03:15:40 192.168.15.1 

Apr 16 03:15:41 192.168.15.1 

Apr 16 03:15:41 192.168.15.1 OP ADD OBJ t=6 i=6080 s=219

Apr 16 03:15:41 192.168.15.1 OP ADD OBJ t=0 i=52 s=228

Apr 16 03:15:41 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:41 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:41 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "234"; tag=3233340133393732383131343739  Call-ID: 2128758281  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-3341749809  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:41 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:41 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:42 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "266"; tag=3236360134303232313030383131  Call-ID: 1325945728  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-1862571387  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:42 192.168.15.1 OP ADD OBJ t=6 i=6080 s=317

Apr 16 03:15:42 192.168.15.1 

Apr 16 03:15:42 192.168.15.1 

Apr 16 03:15:42 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:42 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:42 192.168.15.1 ; tag=3331360131323935373136353738  Accept: application/sdp  User-Agent: friendly-scanner  To: "316"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 4207854977  Max-Forwards: 70   

Apr 16 03:15:42 192.168.15.1 [0]<<109.123.70.28:5296(382)

Apr 16 03:15:43 192.168.15.1 [0]<<109.123.70.28:5296(382)

Apr 16 03:15:43 192.168.15.1 ; tag=33343001393835323636363738  Accept: application/sdp  User-Agent: friendly-scanner  To: "340"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 1401741637  Max-Forwards: 70   

Apr 16 03:15:43 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:43 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:43 192.168.15.1 ; tag=3339310131313731373432353134  Accept: application/sdp  User-Agent: friendly-scanner  To: "391"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 1422793043  Max-Forwards: 70   

Apr 16 03:15:43 192.168.15.1 

Apr 16 03:15:43 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:43 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:44 192.168.15.1 ; tag=3433300132333438393035383332  Accept: application/sdp  User-Agent: friendly-scanner  To: "430"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 2635033161  Max-Forwards: 70   

Apr 16 03:15:44 192.168.15.1 [0]<<109.123.70.28:5296(384)

Apr 16 03:15:44 192.168.15.1 [0]<<109.123.70.28:5296(384)

Apr 16 03:15:44 192.168.15.1 ; tag=34363701323935343633333834  Accept: application/sdp  User-Agent: friendly-scanner  To: "467"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 1112445275  Max-Forwards: 70   

Apr 16 03:15:44 192.168.15.1 OP ADD OBJ t=6 i=6080 s=514

Apr 16 03:15:44 192.168.15.1 OP ADD OBJ t=0 i=52 s=523

Apr 16 03:15:44 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:44 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:45 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "503"; tag=3530330131373439363535383639  Call-ID: 2390797161  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-1818131913  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:45 192.168.15.1 [0]<<109.123.70.28:5296(384)

Apr 16 03:15:45 192.168.15.1 [0]<<109.123.70.28:5296(384)

Apr 16 03:15:45 192.168.15.1 ; tag=35333801383637303935383235  Accept: application/sdp  User-Agent: friendly-scanner  To: "538"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 1910374622  Max-Forwards: 70   

Apr 16 03:15:45 192.168.15.1 OP ADD OBJ t=6 i=6080 s=585

Apr 16 03:15:45 192.168.15.1 OP ADD OBJ t=0 i=52 s=594

Apr 16 03:15:45 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:45 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:46 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "574"; tag=3537340131363831393239323138  Call-ID: 4177625258  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-1795371310  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:46 192.168.15.1 

Apr 16 03:15:46 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:46 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:46 192.168.15.1 ; tag=3630390133313530323130323234  Accept: application/sdp  User-Agent: friendly-scanner  To: "609"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 2422465209  Max-Forwards: 70   

Apr 16 03:15:46 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:46 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:47 192.168.15.1 ; tag=3634320131333539393232353835  Accept: application/sdp  User-Agent: friendly-scanner  To: "642"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 1314436959  Max-Forwards: 70   

Apr 16 03:15:47 192.168.15.1 [0]<<109.123.70.28:5296(382)

Apr 16 03:15:47 192.168.15.1 [0]<<109.123.70.28:5296(384)

Apr 16 03:15:47 192.168.15.1 OP ADD OBJ t=6 i=6080 s=717

Apr 16 03:15:47 192.168.15.1 

Apr 16 03:15:47 192.168.15.1 

Apr 16 03:15:47 192.168.15.1 OP ADD OBJ t=6 i=6080 s=727

Apr 16 03:15:47 192.168.15.1 OP ADD OBJ t=0 i=52 s=736

Apr 16 03:15:48 192.168.15.1 [0]->109.123.70.28:5296(307)

Apr 16 03:15:48 192.168.15.1 [0]->109.123.70.28:5296(307)

Apr 16 03:15:48 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "716"; tag=3731360132353131303132333032  Call-ID: 579903879  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-144252244  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:48 192.168.15.1 [0]<<109.123.70.28:5296(385)

Apr 16 03:15:48 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "745"; tag=37343501313831303431333837  Call-ID: 2338144659  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-1326088722  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:48 192.168.15.1 OP ADD OBJ t=6 i=6080 s=770

Apr 16 03:15:48 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:48 192.168.15.1 OP ADD OBJ t=0 i=52 s=787

Apr 16 03:15:49 192.168.15.1 ; tag=3737370131383532353538333630  Accept: application/sdp  User-Agent: friendly-scanner  To: "777"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 2918648012  Max-Forwards: 70   

Apr 16 03:15:49 192.168.15.1 OP ADD OBJ t=6 i=6080 s=797

Apr 16 03:15:49 192.168.15.1 [0]<<109.123.70.28:5296(383)

Apr 16 03:15:49 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:49 192.168.15.1 OP ADD OBJ t=6 i=6080 s=821

Apr 16 03:15:49 192.168.15.1 ; tag=3831360133323138303033373337  Accept: application/sdp  User-Agent: friendly-scanner  To: "816"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 4278761078  Max-Forwards: 70   

Apr 16 03:15:49 192.168.15.1 OP ADD OBJ t=6 i=6080 s=835

Apr 16 03:15:49 192.168.15.1 [0]<<109.123.70.28:5296(385)

Apr 16 03:15:50 192.168.15.1 OP ADD OBJ t=0 i=52 s=867

Apr 16 03:15:50 192.168.15.1 [0]<<109.123.70.28:5296(386)

Apr 16 03:15:50 192.168.15.1 [0]<<109.123.70.28:5296(385)

Apr 16 03:15:50 192.168.15.1 [0]<<109.123.70.28:5296(385)

Apr 16 03:15:50 192.168.15.1 ; tag=3836300131393433313039313234  Accept: application/sdp  User-Agent: friendly-scanner  To: "860"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 2603420547  Max-Forwards: 70   

Apr 16 03:15:50 192.168.15.1 

Apr 16 03:15:50 192.168.15.1 

Apr 16 03:15:50 192.168.15.1 [0]<<109.123.70.28:5296(382)

Apr 16 03:15:51 192.168.15.1 [0]<<109.123.70.28:5296(382)

Apr 16 03:15:51 192.168.15.1 ; tag=38373001383633313930323832  Accept: application/sdp  User-Agent: friendly-scanner  To: "870"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 1275124981  Max-Forwards: 70   

Apr 16 03:15:51 192.168.15.1 [0]<<109.123.70.28:5296(383)

Apr 16 03:15:51 192.168.15.1 [0]<<109.123.70.28:5296(383)

Apr 16 03:15:51 192.168.15.1 ; tag=39313901353237323635323830  Accept: application/sdp  User-Agent: friendly-scanner  To: "919"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 1121487005  Max-Forwards: 70   

Apr 16 03:15:51 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:51 192.168.15.1 [0]->109.123.70.28:5296(309)

Apr 16 03:15:51 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "960"; tag=3936300134313835333736353536  Call-ID: 1956702420  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-3690205179  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:52 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:15:52 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:15:52 192.168.15.1 ; tag=313030320132333835303734383431  Accept: application/sdp  User-Agent: friendly-scanner  To: "1002"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 1907039284  Max-Forwards: 70   

Apr 16 03:15:52 192.168.15.1 [0]->109.123.70.28:5296(313)

Apr 16 03:15:52 192.168.15.1 [0]->109.123.70.28:5296(313)

Apr 16 03:15:52 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "1022"; tag=3130323201343337363237313233  Call-ID: 2587305068  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-2633499378  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:52 192.168.15.1 

Apr 16 03:15:53 192.168.15.1 [0]<<109.123.70.28:5296(391)

Apr 16 03:15:53 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1054

Apr 16 03:15:53 192.168.15.1 OP ADD OBJ t=0 i=52 s=1063

Apr 16 03:15:53 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:15:53 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:15:53 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "1043"; tag=313034330131343633333131323232  Call-ID: 3794221240  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-3751395345  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:53 192.168.15.1 ; tag=313036340132383336313736313430  Accept: application/sdp  User-Agent: friendly-scanner  To: "1064"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 3010157538  Max-Forwards: 70   

Apr 16 03:15:53 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1089

Apr 16 03:15:54 192.168.15.1 ; tag=313038360132353237373334313934  Accept: application/sdp  User-Agent: friendly-scanner  To: "1086"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 2831757129  Max-Forwards: 70   

Apr 16 03:15:54 192.168.15.1 [0]<<109.123.70.28:5296(392)

Apr 16 03:15:54 192.168.15.1 [0]<<109.123.70.28:5296(392)

Apr 16 03:15:54 192.168.15.1 ; tag=313037340133353732313135323130  Accept: application/sdp  User-Agent: friendly-scanner  To: "1074"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 3880729733  Max-Forwards: 70   

Apr 16 03:15:54 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1142

Apr 16 03:15:54 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1150

Apr 16 03:15:54 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:15:54 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "1145"; tag=313134350133393939323733373037  Call-ID: 2936633044  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-2634242961  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:55 192.168.15.1 

Apr 16 03:15:55 192.168.15.1 

Apr 16 03:15:55 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:15:55 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1163

Apr 16 03:15:55 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:15:55 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1175

Apr 16 03:15:55 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:15:55 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1188

Apr 16 03:15:56 192.168.15.1 OP ADD OBJ t=0 i=52 s=1197

Apr 16 03:15:56 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:15:56 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:15:56 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "1177"; tag=313137370131313930363638323532  Call-ID: 4138303078  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-426938901  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:56 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1213

Apr 16 03:15:56 192.168.15.1 OP ADD OBJ t=0 i=52 s=1222

Apr 16 03:15:56 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:15:56 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:15:57 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "1202"; tag=313230320132383139383936313537  Call-ID: 3021547585  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-2753761324  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:57 192.168.15.1 

Apr 16 03:15:57 192.168.15.1 

Apr 16 03:15:57 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:15:57 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:15:57 192.168.15.1 ; tag=313137370132333932323336313936  Accept: application/sdp  User-Agent: friendly-scanner  To: "1177"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 4138303078  Max-Forwards: 70   

Apr 16 03:15:57 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1280

Apr 16 03:15:57 192.168.15.1 

Apr 16 03:15:58 192.168.15.1 

Apr 16 03:15:58 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:15:58 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:15:58 192.168.15.1 OP ADD OBJ t=0 i=52 s=1312

Apr 16 03:15:58 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:15:58 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:15:58 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "1295"; tag=313239350131353936353839383732  Call-ID: 3190485096  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-942044303  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:58 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1317

Apr 16 03:15:59 192.168.15.1 OP ADD OBJ t=0 i=52 s=1326

Apr 16 03:15:59 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:15:59 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:15:59 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "1310"; tag=313331300132363033323536353832  Call-ID: 4011163413  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-4001335587  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:15:59 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1349

Apr 16 03:15:59 192.168.15.1 OP ADD OBJ t=0 i=52 s=1358

Apr 16 03:15:59 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:00 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:00 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "1345"; tag=313334350131383930303134373137  Call-ID: 3758231286  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-3056637017  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:00 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:00 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:00 192.168.15.1 ; tag=313338300133313731383632333132  Accept: application/sdp  User-Agent: friendly-scanner  To: "1380"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 3509585151  Max-Forwards: 70   

Apr 16 03:16:00 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1408

Apr 16 03:16:00 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1416

Apr 16 03:16:00 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:01 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:01 192.168.15.1 ; tag=313434300133323338363034363630  Accept: application/sdp  User-Agent: friendly-scanner  To: "1440"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 1350792011  Max-Forwards: 70   

Apr 16 03:16:01 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:01 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:01 192.168.15.1 ; tag=313431370131343531303834363036  Accept: application/sdp  User-Agent: friendly-scanner  To: "1417"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 2176078432  Max-Forwards: 70   

Apr 16 03:16:01 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:01 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:01 192.168.15.1 ; tag=313530330132393534313633373832  Accept: application/sdp  User-Agent: friendly-scanner  To: "1503"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 2504180726  Max-Forwards: 70   

Apr 16 03:16:02 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1496

Apr 16 03:16:02 192.168.15.1 OP ADD OBJ t=0 i=52 s=1505

Apr 16 03:16:02 192.168.15.1 [0]->109.123.70.28:5296(313)

Apr 16 03:16:02 192.168.15.1 [0]->109.123.70.28:5296(313)

Apr 16 03:16:02 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "1525"; tag=313532350134313337333030353135  Call-ID: 970394055  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-744285552  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:02 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:02 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:02 192.168.15.1 ; tag=313534340132343732343739343031  Accept: application/sdp  User-Agent: friendly-scanner  To: "1544"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 3422855055  Max-Forwards: 70   

Apr 16 03:16:03 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:03 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:03 192.168.15.1 ; tag=313537300132373637353831313738  Accept: application/sdp  User-Agent: friendly-scanner  To: "1570"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 1039467858  Max-Forwards: 70   

Apr 16 03:16:03 192.168.15.1 OP ADD OBJ t=0 i=52 s=1587

Apr 16 03:16:03 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:03 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:03 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "1628"; tag=313632380131303138363131343030  Call-ID: 1893769740  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-3977504495  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:03 192.168.15.1 

Apr 16 03:16:04 192.168.15.1 

Apr 16 03:16:04 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1584

Apr 16 03:16:04 192.168.15.1 OP ADD OBJ t=0 i=52 s=1593

Apr 16 03:16:04 192.168.15.1 [0]->109.123.70.28:5296(312)

Apr 16 03:16:04 192.168.15.1 [0]->109.123.70.28:5296(312)

Apr 16 03:16:04 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "1636"; tag=3136333601313832363437363036  Call-ID: 197544844  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-2340423488  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:04 192.168.15.1 [0]<<109.123.70.28:5296(392)

Apr 16 03:16:04 192.168.15.1 [0]<<109.123.70.28:5296(392)

Apr 16 03:16:05 192.168.15.1 ; tag=3136353701393739303632363533  Accept: application/sdp  User-Agent: friendly-scanner  To: "1657"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 2831057382  Max-Forwards: 70   

Apr 16 03:16:05 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:05 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:05 192.168.15.1 ; tag=313638300134303433353133343230  Accept: application/sdp  User-Agent: friendly-scanner  To: "1680"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 149600275  Max-Forwards: 70   

Apr 16 03:16:05 192.168.15.1 OP ADD OBJ t=0 i=52 s=1652

Apr 16 03:16:05 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:16:05 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:16:06 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "1715"; tag=313731350131313035303432323033  Call-ID: 3663974939  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-447932537  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:06 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:06 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1710

Apr 16 03:16:06 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:06 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:06 192.168.15.1 ; tag=313831380132383534363431363730  Accept: application/sdp  User-Agent: friendly-scanner  To: "1818"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 967049846  Max-Forwards: 70   

Apr 16 03:16:06 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1749

Apr 16 03:16:06 192.168.15.1 OP ADD OBJ t=0 i=52 s=1758

Apr 16 03:16:07 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:07 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:07 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "1863"; tag=313836330133343939323735343332  Call-ID: 2228103738  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-1615222434  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:07 192.168.15.1 

Apr 16 03:16:07 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:07 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:07 192.168.15.1 ; tag=313930310133343938313839343338  Accept: application/sdp  User-Agent: friendly-scanner  To: "1901"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 3922097472  Max-Forwards: 70   

Apr 16 03:16:07 192.168.15.1 [0]<<109.123.70.28:5296(392)

Apr 16 03:16:08 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1818

Apr 16 03:16:08 192.168.15.1 [0]<<109.123.70.28:5296(390)

Apr 16 03:16:08 192.168.15.1 [0]<<109.123.70.28:5296(390)

Apr 16 03:16:08 192.168.15.1 ; tag=3139303201323632363735333333  Accept: application/sdp  User-Agent: friendly-scanner  To: "1902"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 390963604  Max-Forwards: 70   

Apr 16 03:16:08 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:08 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:08 192.168.15.1 ; tag=323030340131303330343135393238  Accept: application/sdp  User-Agent: friendly-scanner  To: "2004"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 2759465436  Max-Forwards: 70   

Apr 16 03:16:08 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:09 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:09 192.168.15.1 ; tag=313937380131303039363930363130  Accept: application/sdp  User-Agent: friendly-scanner  To: "1978"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 2026577871  Max-Forwards: 70   

Apr 16 03:16:09 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1896

Apr 16 03:16:09 192.168.15.1 OP ADD OBJ t=0 i=52 s=1905

Apr 16 03:16:09 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:16:09 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:16:09 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2057"; tag=323035370134303437313335353539  Call-ID: 642901216  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-1978777135  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:09 192.168.15.1                 ---- eval_prov_logic 1 ----  19114 --    3826194

Apr 16 03:16:10 192.168.15.1  cron[2082]: (root) CMD (/sbin/check_ps)

Apr 16 03:16:10 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1926

Apr 16 03:16:10 192.168.15.1 OP ADD OBJ t=0 i=52 s=1935

Apr 16 03:16:10 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:10 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:10 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2100"; tag=323130300131393137343332393734  Call-ID: 3236353647  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-2650827458  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:10 192.168.15.1 

Apr 16 03:16:10 192.168.15.1 

Apr 16 03:16:11 192.168.15.1 [0]<<109.123.70.28:5296(391)

Apr 16 03:16:11 192.168.15.1 [0]<<109.123.70.28:5296(391)

Apr 16 03:16:11 192.168.15.1 ; tag=3231313701333437343130343930  Accept: application/sdp  User-Agent: friendly-scanner  To: "2117"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 1147716715  Max-Forwards: 70   

Apr 16 03:16:11 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1953

Apr 16 03:16:11 192.168.15.1 OP ADD OBJ t=0 i=52 s=1962

Apr 16 03:16:11 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:11 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:11 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2138"; tag=323133380133383730333833383931  Call-ID: 1796518531  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-2847034409  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:12 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1982

Apr 16 03:16:12 192.168.15.1 OP ADD OBJ t=0 i=52 s=1991

Apr 16 03:16:12 192.168.15.1 [0]->109.123.70.28:5296(313)

Apr 16 03:16:12 192.168.15.1 [0]->109.123.70.28:5296(313)

Apr 16 03:16:12 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2181"; tag=3231383101363134333930323833  Call-ID: 1512194307  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-1405644097  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:12 192.168.15.1 OP ADD OBJ t=6 i=6080 s=1998

Apr 16 03:16:12 192.168.15.1 OP ADD OBJ t=0 i=52 s=2007

Apr 16 03:16:12 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:16:13 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:16:13 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2199"; tag=323139390133323134303232383437  Call-ID: 627594767  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-2393935130  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:13 192.168.15.1 OP ADD OBJ t=6 i=6080 s=2017

Apr 16 03:16:13 192.168.15.1 OP ADD OBJ t=0 i=52 s=2026

Apr 16 03:16:13 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:13 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:13 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2227"; tag=323232370133393934313333373336  Call-ID: 1827653130  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-3154213105  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:13 192.168.15.1 OP ADD OBJ t=6 i=6080 s=2032

Apr 16 03:16:14 192.168.15.1 OP ADD OBJ t=0 i=52 s=2041

Apr 16 03:16:14 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:16:14 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:16:14 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2247"; tag=323234370133373239373839373136  Call-ID: 134798716  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-1376491521  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:14 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:14 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:14 192.168.15.1 ; tag=323330310131313532393235333339  Accept: application/sdp  User-Agent: friendly-scanner  To: "2301"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 3087321983  Max-Forwards: 70   

Apr 16 03:16:14 192.168.15.1 OP ADD OBJ t=6 i=6080 s=2091

Apr 16 03:16:15 192.168.15.1 OP ADD OBJ t=0 i=52 s=2100

Apr 16 03:16:15 192.168.15.1 [0]->109.123.70.28:5296(312)

Apr 16 03:16:15 192.168.15.1 [0]->109.123.70.28:5296(312)

Apr 16 03:16:15 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2324"; tag=323332340132343637363530373334  Call-ID: 3324596  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-1412419958  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:15 192.168.15.1 [0]<<109.123.70.28:5296(392)

Apr 16 03:16:15 192.168.15.1 [0]<<109.123.70.28:5296(392)

Apr 16 03:16:15 192.168.15.1 ; tag=323237350133343033353730313334  Accept: application/sdp  User-Agent: friendly-scanner  To: "2275"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 3225182983  Max-Forwards: 70   

Apr 16 03:16:15 192.168.15.1 [0]<<109.123.70.28:5296(391)

Apr 16 03:16:16 192.168.15.1 [0]<<109.123.70.28:5296(391)

Apr 16 03:16:16 192.168.15.1 ; tag=3233303201383239313039343138  Accept: application/sdp  User-Agent: friendly-scanner  To: "2302"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 1296044472  Max-Forwards: 70   

Apr 16 03:16:16 192.168.15.1 OP ADD OBJ t=6 i=6080 s=2151

Apr 16 03:16:16 192.168.15.1 OP ADD OBJ t=0 i=52 s=2160

Apr 16 03:16:16 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:16 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:16 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2412"; tag=323431320133343836313031343730  Call-ID: 1052555959  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-2321523123  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:17 192.168.15.1 OP ADD OBJ t=6 i=6080 s=2173

Apr 16 03:16:17 192.168.15.1 OP ADD OBJ t=0 i=52 s=2182

Apr 16 03:16:17 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:16:17 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:16:17 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2446"; tag=323434360132323739353932373233  Call-ID: 3966905288  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-817724742  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:17 192.168.15.1 [0]<<109.123.70.28:5296(392)

Apr 16 03:16:17 192.168.15.1 [0]<<109.123.70.28:5296(392)

Apr 16 03:16:17 192.168.15.1 ; tag=323339390131363631303339363234  Accept: application/sdp  User-Agent: friendly-scanner  To: "2399"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 285153979  Max-Forwards: 70   

Apr 16 03:16:18 192.168.15.1 OP ADD OBJ t=6 i=6080 s=2226

Apr 16 03:16:18 192.168.15.1 OP ADD OBJ t=0 i=52 s=2235

Apr 16 03:16:18 192.168.15.1 [0]->109.123.70.28:5296(313)

Apr 16 03:16:18 192.168.15.1 [0]->109.123.70.28:5296(313)

Apr 16 03:16:18 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2530"; tag=3235333001353539313731363335  Call-ID: 1696152384  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-3419080655  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:18 192.168.15.1 OP ADD OBJ t=0 i=52 s=2254

Apr 16 03:16:18 192.168.15.1 [0]->109.123.70.28:5296(313)

Apr 16 03:16:18 192.168.15.1 [0]->109.123.70.28:5296(313)

Apr 16 03:16:19 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2554"; tag=3235353401343139303335323330  Call-ID: 3232403119  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-1614977962  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:19 192.168.15.1 OP ADD OBJ t=6 i=6080 s=2255

Apr 16 03:16:19 192.168.15.1 OP ADD OBJ t=0 i=52 s=2271

Apr 16 03:16:19 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:19 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:19 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2582"; tag=323538320131313036393432373636  Call-ID: 1807261199  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-1272451303  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:19 192.168.15.1 [0]<<109.123.70.28:5296(392)

Apr 16 03:16:19 192.168.15.1 [0]<<109.123.70.28:5296(391)

Apr 16 03:16:20 192.168.15.1 

Apr 16 03:16:20 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:20 192.168.15.1 

Apr 16 03:16:20 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:20 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:20 192.168.15.1 ; tag=323631380132353630373932333132  Accept: application/sdp  User-Agent: friendly-scanner  To: "2618"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 2708952290  Max-Forwards: 70   

Apr 16 03:16:20 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:20 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:21 192.168.15.1 [0]<<109.123.70.28:5296(391)

Apr 16 03:16:21 192.168.15.1 [0]<<109.123.70.28:5296(390)

Apr 16 03:16:21 192.168.15.1 [0]<<109.123.70.28:5296(390)

Apr 16 03:16:21 192.168.15.1 ; tag=3235393301323931383232363735  Accept: application/sdp  User-Agent: friendly-scanner  To: "2593"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 950816562  Max-Forwards: 70   

Apr 16 03:16:21 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:21 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:21 192.168.15.1 ; tag=323731330132323738313334313234  Accept: application/sdp  User-Agent: friendly-scanner  To: "2713"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 591663623  Max-Forwards: 70   

Apr 16 03:16:21 192.168.15.1 OP ADD OBJ t=6 i=6080 s=2374

Apr 16 03:16:22 192.168.15.1 OP ADD OBJ t=0 i=52 s=2383

Apr 16 03:16:22 192.168.15.1 [0]->109.123.70.28:5296(313)

Apr 16 03:16:22 192.168.15.1 [0]->109.123.70.28:5296(313)

Apr 16 03:16:22 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2756"; tag=323735360131383834343533343933  Call-ID: 1128340074  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-98665475  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:22 192.168.15.1 OP ADD OBJ t=6 i=6080 s=2390

Apr 16 03:16:22 192.168.15.1 OP ADD OBJ t=0 i=52 s=2399

Apr 16 03:16:22 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:22 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:23 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2786"; tag=323738360133303938303531393730  Call-ID: 2863391790  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-3874886246  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:23 192.168.15.1 [0]<<109.123.70.28:5296(390)

Apr 16 03:16:23 192.168.15.1 [0]<<109.123.70.28:5296(390)

Apr 16 03:16:23 192.168.15.1 ; tag=3237343301383830323336383333  Accept: application/sdp  User-Agent: friendly-scanner  To: "2743"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 3441255220  Max-Forwards: 70   

Apr 16 03:16:23 192.168.15.1 OP ADD OBJ t=6 i=6080 s=2440

Apr 16 03:16:23 192.168.15.1 OP ADD OBJ t=0 i=52 s=2449

Apr 16 03:16:23 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:16:23 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:16:23 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2871"; tag=323837310133303030303139313731  Call-ID: 1313478211  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-626769891  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:24 192.168.15.1 OP ADD OBJ t=6 i=6080 s=2469

Apr 16 03:16:24 192.168.15.1 OP ADD OBJ t=0 i=52 s=2478

Apr 16 03:16:24 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:16:24 192.168.15.1 [0]->109.123.70.28:5296(314)

Apr 16 03:16:24 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2911"; tag=323931310134303033353130313236  Call-ID: 303924326  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-3361901660  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:24 192.168.15.1 OP ADD OBJ t=6 i=6080 s=2486

Apr 16 03:16:24 192.168.15.1 OP ADD OBJ t=0 i=52 s=2495

Apr 16 03:16:24 192.168.15.1 [0]->109.123.70.28:5296(311)

Apr 16 03:16:25 192.168.15.1 [0]->109.123.70.28:5296(311)

Apr 16 03:16:25 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "2942"; tag=3239343201383533303031313832  Call-ID: 968701687  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-439432864  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:25 192.168.15.1 [0]<<109.123.70.28:5296(392)

Apr 16 03:16:25 192.168.15.1 

Apr 16 03:16:25 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:25 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:25 192.168.15.1 ; tag=323839330131353035323532373231  Accept: application/sdp  User-Agent: friendly-scanner  To: "2893"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 2038574526  Max-Forwards: 70   

Apr 16 03:16:25 192.168.15.1 OP ADD OBJ t=6 i=6080 s=2517

Apr 16 03:16:26 192.168.15.1 OP ADD OBJ t=0 i=52 s=2526

Apr 16 03:16:26 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:26 192.168.15.1 [0]->109.123.70.28:5296(315)

Apr 16 03:16:26 192.168.15.1 ;tag=9e4f9edd846c5ad3i0  From: "3002"; tag=333030320131383139383438323737  Call-ID: 2009514818  CSeq: 1 REGISTER  Via: SIP/2.0/UDP 109.123.70.28:5296;branch=z9hG4bK-1113820622  Server: Linksys/WRP400-2.00.10  Content-Length: 0   

Apr 16 03:16:26 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:26 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:26 192.168.15.1 ; tag=333032360131373430313038323939  Accept: application/sdp  User-Agent: friendly-scanner  To: "3026"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 3102745884  Max-Forwards: 70   

Apr 16 03:16:26 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:27 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:27 192.168.15.1 ; tag=333037300131383530383031383230  Accept: application/sdp  User-Agent: friendly-scanner  To: "3070"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 2897600349  Max-Forwards: 70   

Apr 16 03:16:27 192.168.15.1 [0]<<109.123.70.28:5296(391)

Apr 16 03:16:27 192.168.15.1 [0]<<109.123.70.28:5296(391)

Apr 16 03:16:27 192.168.15.1 ; tag=3331303801393038343339363035  Accept: application/sdp  User-Agent: friendly-scanner  To: "3108"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 511278912  Max-Forwards: 70   

Apr 16 03:16:27 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:27 192.168.15.1 [0]<<109.123.70.28:5296(393)

Apr 16 03:16:27 192.168.15.1 ; tag=333132390131373636353539383938  Accept: application/sdp  User-Agent: friendly-scanner  To: "3129"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 285097726  Max-Forwards: 70   

Apr 16 03:16:28 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:28 192.168.15.1 [0]<<109.123.70.28:5296(394)

Apr 16 03:16:28 192.168.15.1 ; tag=333136310133333838393236353735  Accept: application/sdp  User-Agent: friendly-scanner  To: "3161"  Contact: sip:[email protected]  CSeq: 1 REGISTER  Call-ID: 2086548098  Max-Forwards: 70   

Apr 16 03:16:28 192.168.15.1 [0]<<109.123.70.28:5296(392)

Apr 16 03:16:28 192.168.15.1 [0]<<109.123.70.28:5296(392)

Apr 16 03:16:28 192.168.15.1 ; tag=333132330131393639303431383838  Accept: application/sdp  User-Agent: friendly-scanner  To: "3123"  Contact: sip:[email protected]  CSeq: 1 REGISTER ACK  Call-ID: 658411109  Max-Forwards: 70   

Apr 16 03:16:28 192.168.15.1                 ---- eval_prov_logic 1 ----  19117 --    3828040




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications

Create new topic
171 posts

Master Geek
+1 received by user: 2


  Reply # 319571 17-Apr-2010 00:09 Send private message

I've discovered SipVicious quite recently, after reading this blog: blog.sipvicious.org/2009/12/getting-phonecalls-during-middle-of.html

The reason I looked for it was because we received a call from a chatline in the middle of the night.
So I was wondering if malicious web site could just scan IP addresses, finding open Sip ports and calling the IP address directly (the call came through our VFX line, but we also use the second port of our SPA2102 with another provider in Italy).
The WXC technical guy assured me that it's impossible. I've tried myself calling my box from the laptop using Express Talk without success.
So I thought that the real danger is for people running Asterisk.
But you're saying that it would be possible for attackers to get hold of your line through the Sip device, is that right? How?
What configuration on the LinkSys prevents that?

Phil Gale
1097 posts

Uber Geek
+1 received by user: 39

Trusted
Red Jungle
Subscriber

  Reply # 319594 17-Apr-2010 08:12 Send private message

Good post Phil.

Steve and I had a similar conversation last night over dinner. I was telling him how much I love SIP as a technology - but that I realised a long time ago that deployment is still an experts job.

I'd like to think I'm a pretty savvy guy - but I feel there are just far too many issues to understand without devoting a huge amount of time and energy towards it. Not to mention the fact that the technology is evolving all the time.

I am more than happy to live in a slightly rigid / locked down environment in exchange for the knowledge that the service provided is solid, safe and reliable.




Red Jungle: we make fantastic software

RSS  Twitter  Facebook  Skype

20101 posts

Uber Geek
+1 received by user: 1687

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 319651 17-Apr-2010 14:08 Send private message

ZiglioNZ: I've discovered SipVicious quite recently, after reading this blog: blog.sipvicious.org/2009/12/getting-phonecalls-during-middle-of.html

The reason I looked for it was because we received a call from a chatline in the middle of the night.
So I was wondering if malicious web site could just scan IP addresses, finding open Sip ports and calling the IP address directly (the call came through our VFX line, but we also use the second port of our SPA2102 with another provider in Italy).
The WXC technical guy assured me that it's impossible. I've tried myself calling my box from the laptop using Express Talk without success.
So I thought that the real danger is for people running Asterisk.
But you're saying that it would be possible for attackers to get hold of your line through the Sip device, is that right? How?
What configuration on the LinkSys prevents that?


Many SIP devices and VoIP providers allow direct URI calling. If your phone number was [email protected] and you were running a VoIP phone or ATA it's possible (depending on your provider) for another VoIP user to call your SIP URI directly by dialling this from their handset or softphone. This would bypass the PSTN and be a call purely over the internet. Depending on the configuration of your device it's also possible in some cases to call your IP phone/ATA directly, ie [email protected] which once again can have huge benefits but also has risks that go with it. WxC by default don't allow either. 

SIP URI calling is great and allows people to bypass the PSTN but if you're running an insecure PBX then somebody can easily bounce SIP calls off your PBX to another outgoing number. I'm aware of somebody running a poorly configured Epygi Quadro (whcih are rock solid, extremely secure boxes when configured properly) here in NZ that had a dialplan set that allowed anybody do make a SIP call to the box and out again to a foreign destination. Likewise with Asterisk if you're allowing anonymous inbound SIP traffic (ie not from an authenticated peer) then there are real risks involved.

There has been a huge amount of SIP traffic originating from Amazon EC2 machines over the last week port scanning and attempting brute force attacks on IP PBX's. I certainly think we are going to hear a lot more about PBX fraud in the future.

20101 posts

Uber Geek
+1 received by user: 1687

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 319746 17-Apr-2010 19:41 Send private message

ZiglioNZ:But you're saying that it would be possible for attackers to get hold of your line through the Sip device, is that right? How?
What configuration on the LinkSys prevents that?


I explained how URI's work but forgot to answer this.

Under Linksys SPA phones the option is "Auth Invite" - this needs to be set to 'yes' to restrict inbound URI connections. The device will now only accept SIP INVITE messages from the SIP proxy server that it is registered with.

If you have a Linksys phone or ATA registered to a SIP proxy (a PBX or VoIP provider) somebody can make a SIP URI call to the handset providing they know the username, ie if you have it registered as ext 202 on an Asterisk PBX with an IP address of 192.168.1.10 another user inside the network can make a SIP URI call to [email protected] and the phone will ring. Making a URI to [email protected] won't work as it's not the correct username.

If you have your phone registered on the internet to a VoIP provider and have this set to no somebody can make a SIP URI call to your phone if they know the username that you are registered with in much the same way. Lets say your number is [email protected] and you have an IP address of 100.99.98.97 - if somebody makes a SIP URI call to [email protected] then your phone will ring and you will be connected.

There are no "significant" security risks from this - nobody can hack your phone or access it and for many people SIP URI calling is a benefit of VoIP as you can make calls to another user over the internet without having to route calls via the PSTN. However unless you need this feature then setting it to no is recommended as it will stop you getting an annopying phonecall at 2am in morning when some h8x0r box out there finds your IP and works out the username using a sscript such as the sipvacious script which just keeps trying sequential usernames until it finds valid ones. There are other SIP devices put there that will ring when they receive any INVITE message, regardless of whether it's even got the correct username.

Once again it's the reason VFX lock down their devices - they can set important things like this that other players such as OrcaCom, 2talk etc make no mention of. I'm not saying either of these provide bad services, but they certainly do a very poor job of device configuration by giving people incorrect and potentially insecure settings.

171 posts

Master Geek
+1 received by user: 2


  Reply # 319761 17-Apr-2010 20:53 Send private message

Thanks Steve, "I like" you answers Wink

171 posts

Master Geek
+1 received by user: 2


  Reply # 319782 17-Apr-2010 22:23 Send private message

I've just tried calling our second line (the Italian VoIP) from the laptop, direct connection number@local_ ip_address using Express Talk. It does ring!
I guess I need to do some work to secure that line, following Steve's suggestions.
I've configured it myself, according to the provider's instructions. 

20101 posts

Uber Geek
+1 received by user: 1687

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 319824 18-Apr-2010 08:14 Send private message

ZiglioNZ: I've just tried calling our second line (the Italian VoIP) from the laptop, direct connection number@local_ ip_address using Express Talk. It does ring!
I guess I need to do some work to secure that line, following Steve's suggestions.
I've configured it myself, according to the provider's instructions. 


Can you also make a SIP URI call to your VoIP provider? ie [email protected] because even if you restrict non authorised SIP calls somebody will still potentially be able to call you this way if your VoIP provider allows inbound SIP traffic to their own users. It's just unfortunate that one of the great benefits of VoIP (URI calling) is in effect being ruined by hackers.

20101 posts

Uber Geek
+1 received by user: 1687

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 319828 18-Apr-2010 08:39 Send private message

A bit of background into the current Amazon EC2 originated SIP attacks that are still ongoing. http://slashdot.org/submission/1217938/

171 posts

Master Geek
+1 received by user: 2


  Reply # 319829 18-Apr-2010 08:43 Send private message

Can you also make a SIP URI call to your VoIP provider? ie [email protected] 


I don't seem to be able. Tried @voip... and also @stun.voip... Not too sure what a stun server is exactly.

[update]
Express Talk returns this error when trying @voip: "Password is being requested when none is available!"
Why is a password required? does the voip provider allow just its own users to route calls through itself?

But even with the IP address only, couldn't we restrict the set of callers anyway?

20101 posts

Uber Geek
+1 received by user: 1687

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 319847 18-Apr-2010 09:44 Send private message

If you can't make a SIP URI call to your account your VoIP provider is blocking it which is a good security measure.

Not sure about the password, it's obviously some sort of error message in the program and not a SIP specific error code.

As for restricting users to call your IP address there is no real provision in phones to do this. It's easy to do things like this if you're running PBX software such as Asterisk or run some form of SIP proxy between your phone and your VoIP provider.


Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

Click Monday Deals
Created by mrtoken, last reply by Krishant007 on 24-Nov-2014 17:11 (25 replies)
Pages... 2


Gull Employment Dispute.
Created by networkn, last reply by Geektastic on 26-Nov-2014 16:35 (142 replies)
Pages... 8 9 10


Gigatown winner town and plans
Created by freitasm, last reply by NonprayingMantis on 27-Nov-2014 03:47 (44 replies)
Pages... 2 3


HP Stream 7 arrives
Created by gnfb, last reply by gnfb on 26-Nov-2014 22:49 (19 replies)
Pages... 2


The Warehouse pulling R18 games and DVD's
Created by semigeek, last reply by mattwnz on 26-Nov-2014 16:13 (56 replies)
Pages... 2 3 4


Lollipop no more
Created by ronw, last reply by kiwitrc on 26-Nov-2014 13:44 (13 replies)

Knock off electronics in The Warehouse
Created by jpoc, last reply by openmedia on 26-Nov-2014 13:01 (13 replies)

Letter from Vodafone Speed Decrease WTF
Created by rokki, last reply by rokki on 27-Nov-2014 04:43 (22 replies)
Pages... 2



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.