sipvicious bruteforce

sipvicious bruteforce, Some service eating up bandwidth of my VPS (4 Replies, Read 7792 times)

Waqass	September 21, 2021, 7:26 pm
Group: Member Post Group: Newbie Posts: 12 Status:	on any vps I run i get the following output which is originated from an ip 45.95.147.20 related to my data center but not of my server. Its eating the bandwidth of vps even if a new one is created. I don't know how it is running on each vps. Is it possible to cater this issue as my clients are suffering because of this. Code # tcpdump -nN -evv tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 17:04:46.438802 d0:50:99:de:94:33 > 01:00:5e:62:78:90, ethertype IPv4 (0x0800), length 453: (tos 0x0, ttl 1, id 1957, offset 0, flags [DF], proto UDP (17), length 439) 45.95.147.20.5136 > 231.98.120.144.5060: [udp sum ok] SIP, length: 411 OPTIONS sip:100@231.98.120.144 SIP/2.0 Via: SIP/2.0/UDP 45.95.147.20:5136;branch=z9hG4bK-1351314940;rport Content-Length: 0 From: "sipvicious"<sip:100@1.1.1.1>;tag=6537363237383930313363340131333530383631363336 Accept: application/sdp User-Agent: friendly-scanner To: "sipvicious"<sip:100@1.1.1.1> Contact: sip:100@45.95.147.20:5136 CSeq: 1 OPTIONS Call-ID: 3014767519076859219606 Max-Forwards: 70 17:04:46.439007 d0:50:99:de:94:33 > 01:00:5e:62:7e:b9, ethertype IPv4 (0x0800), length 455: (tos 0x0, ttl 1, id 45206, offset 0, flags [DF], proto UDP (17), length 441) 45.95.147.20.5190 > 235.98.126.185.5060: [udp sum ok] SIP, length: 413 OPTIONS sip:100@235.98.126.185 SIP/2.0 Via: SIP/2.0/UDP 45.95.147.20:5190;branch=z9hG4bK-3065124847;rport Content-Length: 0 From: "sipvicious"<sip:100@1.1.1.1>;tag=6562363237656239313363340133383938323130333232 Accept: application/sdp User-Agent: friendly-scanner To: "sipvicious"<sip:100@1.1.1.1> Contact: sip:100@45.95.147.20:5190 CSeq: 1 OPTIONS Call-ID: 398773426030643555343632 Max-Forwards: 70 17:04:46.440089 d0:50:99:de:94:33 > 01:00:5e:62:7d:6d, ethertype IPv4 (0x0800), length 452: (tos 0x0, ttl 1, id 15640, offset 0, flags [DF], proto UDP (17), length 438) 45.95.147.20.5258 > 224.98.125.109.5060: [udp sum ok] SIP, length: 410 OPTIONS sip:100@224.98.125.109 SIP/2.0 Via: SIP/2.0/UDP 45.95.147.20:5258;branch=z9hG4bK-35424907;rport Content-Length: 0 From: "sipvicious"<sip:100@1.1.1.1>;tag=65303632376436643133633401393634343030333632 Accept: application/sdp User-Agent: friendly-scanner To: "sipvicious"<sip:100@1.1.1.1> Contact: sip:100@45.95.147.20:5258 CSeq: 1 OPTIONS Call-ID: 1157893217749774267348757 Max-Forwards: 70 17:04:46.440097 d0:50:99:de:94:33 > 01:00:5e:62:6a:0f, ethertype IPv4 (0x0800), length 451: (tos 0x0, ttl 1, id 22857, offset 0, flags [DF], proto UDP (17), length 437) 45.95.147.20.5211 > 227.98.106.15.5060: [udp sum ok] SIP, length: 409 OPTIONS sip:100@227.98.106.15 SIP/2.0 Via: SIP/2.0/UDP 45.95.147.20:5211;branch=z9hG4bK-333274933;rport Content-Length: 0 From: "sipvicious"<sip:100@1.1.1.1>;tag=65333632366130663133633401373530363936303131 Accept: application/sdp User-Agent: friendly-scanner To: "sipvicious"<sip:100@1.1.1.1> Contact: sip:100@45.95.147.20:5211 CSeq: 1 OPTIONS Call-ID: 948505290613103069112209 Max-Forwards: 70 17:04:46.440461 d0:50:99:de:94:33 > 01:00:5e:62:7f:8c, ethertype IPv4 (0x0800), length 456: (tos 0x0, ttl 1, id 11361, offset 0, flags [DF], proto UDP (17), length 442) 45.95.147.20.5294 > 230.98.127.140.5060: [udp sum ok] SIP, length: 414 OPTIONS sip:100@230.98.127.140 SIP/2.0 Via: SIP/2.0/UDP 45.95.147.20:5294;branch=z9hG4bK-3225388521;rport Content-Length: 0 From: "sipvicious"<sip:100@1.1.1.1>;tag=6536363237663863313363340134303035383937393534 Accept: application/sdp User-Agent: friendly-scanner To: "sipvicious"<sip:100@1.1.1.1> Contact: sip:100@45.95.147.20:5294 CSeq: 1 OPTIONS Call-ID: 1190968937188361579917431 Max-Forwards: 70
IP: --

Users viewing this topic
	1 guests, 0 users.