It's not only ddos that they are interrested in. A malconfigured SIP PBX can also be misused as their personal PBX and breakout. You would not be the first whose call credit would shoot through the roof once they find a flaw in the configuration Ruben - ON3RVH > On 22 Apr 2017, at 18:40, Brian Kantor &lt;Brian(a)UCSD.Edu&gt; wrote: > > (Please trim inclusions from previous messages) > _______________________________________________ > These are probably unmanned bots. The SIP implementation on a number > of devices are known to have Denial of Service vulnerabilities that > can crash the system, so the bad guys' bots like to look for that port. > - Brian > >> On Sat, Apr 22, 2017 at 04:34:56PM +0000, R P wrote: >> (Please trim inclusions from previous messages) >> _______________________________________________ >> I think I have asked it before but i see on the log a lot of incoming UDP port 5060 to all the hosts (even that are not active currently but defined in the AMPR dns and therefore have routing to my gateway ) from all over the world >> >> What is it ? who have interest to look for SIP on my system ? >> >> >> Is there a way to cut and paste part of the log of Mikrotik router ? i can not do it when i enter it from the web interface so could not copy the relevant log part >> >> Thanks Forward >> >> Ronen - 4Z4ZQ >> >> http://www.ronen.org >> >> Ronen Pinchooks (4Z4ZQ) WebSite<http://www.ronen.org/> >> www.ronen.org >> ronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com >> >> >> >>