On 10/15/2010 12:56 AM, Rick Sewill wrote: [snip] >> Would you mind sharing which networks your attacks came from? >> > > I hesitate to answer, but will. > > The people who own 67.222.1.124 and 184.106.213.202 > were very cooperative and interested. > > The Chinese IP address was 218.14.146.200. > I could connect to 218.14.146.200 port 80 and saw, > what I thought, was a Chinese job website...I don't know Chinese. > I apologize if the website is not Chinese. > > The attack packets had a user agent name of friendly-scanner. > > I assumed it was a version of something found at > http://blog.sipvicious.org/ > > I assume it was looking for an asterisk server. > > Unfortunately, my twinkle client decided to reply. > I tried looking for a twinkle configuration option to tell twinkle to > just ignore REGISTER requests, to no avail. It seems to be sipvicious although headers can be forged. The site looks Chinese to my untrained eyes too. I searched on the Twinkle website but couldn't find a way to ignore register requests. I don't know if other clients also respond to register requests so can't recommend any alternatives. Regards, Patrick -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
