It's not only ddos that they are interrested in. A malconfigured SIP PBX can also be misused as their personal PBX and breakout. You would not be the first whose call credit would shoot through the roof once they find a flaw in the configuration
Ruben - ON3RVH
On 22 Apr 2017, at 18:40, Brian Kantor Brian@UCSD.Edu wrote:
(Please trim inclusions from previous messages) _______________________________________________ These are probably unmanned bots. The SIP implementation on a number of devices are known to have Denial of Service vulnerabilities that can crash the system, so the bad guys' bots like to look for that port.
- Brian
On Sat, Apr 22, 2017 at 04:34:56PM +0000, R P wrote: (Please trim inclusions from previous messages) _______________________________________________ I think I have asked it before but i see on the log a lot of incoming UDP port 5060 to all the hosts (even that are not active currently but defined in the AMPR dns and therefore have routing to my gateway ) from all over the world
What is it ? who have interest to look for SIP on my system ?
Is there a way to cut and paste part of the log of Mikrotik router ? i can not do it when i enter it from the web interface so could not copy the relevant log part
Thanks Forward
Ronen - 4Z4ZQ
Ronen Pinchooks (4Z4ZQ) WebSitehttp://www.ronen.org/ www.ronen.org ronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com