VAXSIP Hacking?

Status
Not open for further replies.

IPOCraft

Technical User
Apr 9, 2014
49
PE
I was monitoring the IPO last night and I see this kind of traffic (I replaced the public IP with the tag [Public IP]):

00:15:18 204427mS SIP Reg/Opt Rx: phone
REGISTER sip:[Public IP]:5060 SIP/2.0
Via: SIP/2.0/UDP 212.83.138.43:5134;branch=z9hG4bK15247dc09219d16545c565c;rport
From: "780" <sip:780@181.65.151.92:5060>;tag=15247dc09f2f
To: "780" <sip:780@[Public IP]:5060>
Call-ID: dc09219-3b8fd16-545c565c@181.65.151.92
CSeq: 1 REGISTER
Contact: "780" <sip:780@212.83.138.43:5134>
User-Agent: VaxSIPUserAgent/3.1
Expires: 1800
Max-Forwards: 70
Content-Length: 0

00:15:18 204427mS Sip: SIPDialog f5540cd8 created, dialogs 1
00:15:18 204427mS Sip: SIP REG: Remote worker. No extn nor user.
00:15:18 204427mS SIP Reg/Opt Tx: phone
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 212.83.138.43:5134;branch=z9hG4bK15247dc09219d16545c565c;rport
From: "780" <sip:780@181.65.151.92:5060>;tag=15247dc09f2f
Call-ID: dc09219-3b8fd16-545c565c@[Public IP]
CSeq: 1 REGISTER
User-Agent: IP Office 9.0.2.0 build 860
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,NOTIFY,INFO,SUBSCRIBE,REGISTER,PUBLISH
Supported: timer
Server: IP Office 9.0.2.0 build 860
Reason: Q.850;cause=21;text="Call rejected"
To: "780" <sip:780@181.65.151.92:5060>;tag=a05878a337b53f45
Content-Length: 0


VAXSIPUserAgent? Do you see something like this? It seems like hacking... I don't have a user 780 (and I see a lot of messages with user extn 780, 970, 940, etc).
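The trace above pairs each inbound REGISTER with the 403 the IP Office sent back. As an added example (not part of the original thread and not Avaya code), this Python script groups rejected registrations by source address and lists sources that were refused on several different extensions, which is the pattern the post describes. The `_attempt` helper, the sample addresses, the `ExamplePhone/1.0` agent and the two-extension threshold are assumptions made for the example.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"^\d\d:\d\d:\d\d +\d+mS SIP Reg/Opt (Rx|Tx):.*$", re.M)
VIA = re.compile(r"^Via: SIP/2\.0/\w+ ([\d.]+):\d+;branch=([^;\s]+)", re.M)
FROM_USER = re.compile(r"^From:.*<sip:([^@>]+)@", re.M)
AGENT = re.compile(r"^User-Agent: (.+)$", re.M)

def rejected_registrations(trace):
    """Map source IP -> {'extns', 'agents'} for REGISTERs that were answered 403."""
    parts = HEADER.split(trace)[1:]  # [direction, body, direction, body, ...]
    pending, report = {}, defaultdict(lambda: {"extns": set(), "agents": set()})
    for direction, body in zip(parts[0::2], parts[1::2]):
        body = body.lstrip("\n")
        via = VIA.search(body)  # Via address is client-supplied; treat it as a claim
        if not via:
            continue
        src, branch = via.groups()
        if direction == "Rx" and body.startswith("REGISTER "):
            user, agent = FROM_USER.search(body), AGENT.search(body)
            pending[branch] = (src, user.group(1) if user else "?",
                               agent.group(1).strip() if agent else "?")
        elif direction == "Tx" and body.startswith("SIP/2.0 403") and branch in pending:
            src, extn, agent = pending.pop(branch)  # match response to request by branch
            report[src]["extns"].add(extn)
            report[src]["agents"].add(agent)
    return dict(report)

def scanners(trace, min_extns=2):
    """Sources refused on at least min_extns distinct extensions (assumed threshold)."""
    hits = rejected_registrations(trace)
    return sorted(ip for ip, seen in hits.items() if len(seen["extns"]) >= min_extns)

def _attempt(ts, src, extn, branch, agent):
    """Hypothetical helper: one constructed Rx REGISTER / Tx 403 pair in the post's format."""
    via = f"Via: SIP/2.0/UDP {src}:5134;branch={branch};rport\n"
    return (f"{ts} SIP Reg/Opt Rx: phone\nREGISTER sip:192.0.2.10:5060 SIP/2.0\n{via}"
            f'From: "{extn}" <sip:{extn}@192.0.2.10:5060>;tag=t{extn}\nUser-Agent: {agent}\n\n'
            f"{ts} Sip: SIP REG: Remote worker. No extn nor user.\n"
            f"{ts} SIP Reg/Opt Tx: phone\nSIP/2.0 403 Forbidden\n{via}\n")

# Constructed sample, not data from the thread: documentation-range addresses,
# two unknown extensions from one source and a single failure from another.
SAMPLE = (_attempt("00:15:18 204427mS", "198.51.100.7", "780", "z9hG4bKa1", "VaxSIPUserAgent/3.1")
          + _attempt("00:15:21 207001mS", "198.51.100.7", "970", "z9hG4bKa2", "VaxSIPUserAgent/3.1")
          + _attempt("00:20:02 488310mS", "203.0.113.5", "201", "z9hG4bKb1", "ExamplePhone/1.0"))

if __name__ == "__main__":
    print(scanners(SAMPLE))
```

A source that fails once on a single extension stays out of the list, so a legitimate phone with a stale password is not reported alongside a scanner walking extension numbers.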
 
Are you serious? You are only asking for trouble with a public IP (a hacker's dream).

 
Yes, that's what hackers do, they'll keep trying for months now, then they'll try TAPI and Phone Manager.....:)

 
You will probably also see sip vicious and friendly sip scanner having a go :)

 
Yes, a lot of strange SIP messaging... I'm behind a firewall smokingjoe2938, but I need a public IP for the 1XM implementation!
 
A firewall that opens up for traffic to everyone is not a secure boundary anymore.
You'd be surprised how much damage they can do with only one port open.

An SBC might be your best way to go.

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

 
Do you have SIP trunks?
If not, then turn off the option on the LAN port.
But this is where an SBC is needed.
You could also change the default ports on the VoIP tab.


BAZINGA!

I'm not insane, my mother had me tested!

 