Is it a SIP Recon scan or something else

Published: 2006-10-07. Last Updated: 2006-10-07 21:01:48 UTC
by Deborah Hale (Version: 1)
0 comment(s)
It seems that there have been some reports of calls on SIP devices over the last couple of days with a caller ID of ?John Doe <4000>?.

According to an article on's blog site FreePBX :

"This does seem to be a world first - It?s someone, or something, actively scanning the entire internet for misconfigured SIP devices."

Is someone or something testing for a hole or are they checking for systems that are vulnerable to some exploit? According to article SIP uses port 5060.  A quick look at the DShield report for port 5060 there has been some activity on this port but nothing significant.  It will be interesting to see just how wide spread this is.  If you are using an SIP device and have seen this activity on your system let us know. If you have any thoughts or ideas regarding this activity tell us about it.

Thanks to Babak for sending us this information.

0 comment(s)

Handlers in Vegas - Slow Diary Day

Published: 2006-10-07. Last Updated: 2006-10-07 20:39:55 UTC
by Deborah Hale (Version: 1)
0 comment(s)
It has really been a slow news day and  many of our Handlers are in Vegas at the SANS conference. Humm, makes you wonder if there is a connection.  Anyway we can't wait to get a report back from those attending as to the fun and frivolities that they have encountered.

In light of the slow diary day, I want to take this opportunity to write about the SANS Reading Room.

 SANS Reading Room

If you haven't taken a look at the information in the Reading Room yet you will be surprised at what you have missed.  There is a wealth of information and lots of valuable resources on a number of topics of interest to anyone in the Computer Security/Information Security field.  There is also a great deal of information to help you learn more about how to secure your networks. 

New information and articles are added regularly so you will want to check back often to see what new information is available.
0 comment(s)


Diary Archives