sipvicious bruteforce

Sun, 26 Sep 2021 09:06:00 GMT

I am not running pbx...maybe someone else in the datacenter whonis scanning the ports. Ill try to run firewall today but I am not sure enabling vietualizor ports will not hinder my vpses connectivity.

sipvicious bruteforce

Sun, 26 Sep 2021 09:02:18 GMT

You should install a firewall application like csf on your pbx. That makes configuration of firewall rules (including Virtualizor Ports etc.) very easy. You can of course also set the required rules manually with iptables. But on a pbx, I would highly suggest having a working firewall & intrusion detection.

sipvicious bruteforce

Thu, 23 Sep 2021 18:04:41 GMT

Thanks for response but the iptables services is not loaded so I installed it using
yum -y install epel-release
yum install iptables-services -y

and upon enabling it all the vps goes down including the virtualizor panel. The builtin firewalld is also behaving in the same manner.

sipvicious bruteforce

Wed, 22 Sep 2021 13:39:53 GMT

If you are running a pbx on your vps, it´s very normal to get this type of connections. It´s like guessing FTP logins but for telephone systems. Your pbx should handle these attacks accordingly.
If you are concerned, you may block this IP in IPTABLES.

Tue, 21 Sep 2021 19:26:35 GMT

on any vps I run i get the following output which is originated from an ip 45.95.147.20 related to my data center but not of my server. Its eating the bandwidth of vps even if a new one is created. I don't know how it is running on each vps. Is it possible to cater this issue as my clients are suffering because of this.

Code
# tcpdump -nN -evv

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

17:04:46.438802 d0:50:99:de:94:33 > 01:00:5e:62:78:90, ethertype IPv4 (0x0800), length 453: (tos 0x0, ttl 1, id 1957, offset 0, flags [DF], proto UDP (17), length 439)

45.95.147.20.5136 > 231.98.120.144.5060: [udp sum ok] SIP, length: 411

OPTIONS sip:100@231.98.120.144 SIP/2.0

Via: SIP/2.0/UDP 45.95.147.20:5136;branch=z9hG4bK-1351314940;rport

Content-Length: 0

From: "sipvicious";tag=6537363237383930313363340131333530383631363336

Accept: application/sdp

User-Agent: friendly-scanner

To: "sipvicious"

Contact: sip:100@45.95.147.20:5136

CSeq: 1 OPTIONS

Call-ID: 3014767519076859219606

Max-Forwards: 70

17:04:46.439007 d0:50:99:de:94:33 > 01:00:5e:62:7e:b9, ethertype IPv4 (0x0800), length 455: (tos 0x0, ttl 1, id 45206, offset 0, flags [DF], proto UDP (17), length 441)

45.95.147.20.5190 > 235.98.126.185.5060: [udp sum ok] SIP, length: 413

OPTIONS sip:100@235.98.126.185 SIP/2.0

Via: SIP/2.0/UDP 45.95.147.20:5190;branch=z9hG4bK-3065124847;rport

Content-Length: 0

From: "sipvicious";tag=6562363237656239313363340133383938323130333232

Accept: application/sdp

User-Agent: friendly-scanner

To: "sipvicious"

Contact: sip:100@45.95.147.20:5190

CSeq: 1 OPTIONS

Call-ID: 398773426030643555343632

Max-Forwards: 70

17:04:46.440089 d0:50:99:de:94:33 > 01:00:5e:62:7d:6d, ethertype IPv4 (0x0800), length 452: (tos 0x0, ttl 1, id 15640, offset 0, flags [DF], proto UDP (17), length 438)

45.95.147.20.5258 > 224.98.125.109.5060: [udp sum ok] SIP, length: 410

OPTIONS sip:100@224.98.125.109 SIP/2.0

Via: SIP/2.0/UDP 45.95.147.20:5258;branch=z9hG4bK-35424907;rport

Content-Length: 0

From: "sipvicious";tag=65303632376436643133633401393634343030333632

Accept: application/sdp

User-Agent: friendly-scanner

To: "sipvicious"

Contact: sip:100@45.95.147.20:5258

CSeq: 1 OPTIONS

Call-ID: 1157893217749774267348757

Max-Forwards: 70

17:04:46.440097 d0:50:99:de:94:33 > 01:00:5e:62:6a:0f, ethertype IPv4 (0x0800), length 451: (tos 0x0, ttl 1, id 22857, offset 0, flags [DF], proto UDP (17), length 437)

45.95.147.20.5211 > 227.98.106.15.5060: [udp sum ok] SIP, length: 409

OPTIONS sip:100@227.98.106.15 SIP/2.0

Via: SIP/2.0/UDP 45.95.147.20:5211;branch=z9hG4bK-333274933;rport

Content-Length: 0

From: "sipvicious";tag=65333632366130663133633401373530363936303131

Accept: application/sdp

User-Agent: friendly-scanner

To: "sipvicious"

Contact: sip:100@45.95.147.20:5211

CSeq: 1 OPTIONS

Call-ID: 948505290613103069112209

Max-Forwards: 70

17:04:46.440461 d0:50:99:de:94:33 > 01:00:5e:62:7f:8c, ethertype IPv4 (0x0800), length 456: (tos 0x0, ttl 1, id 11361, offset 0, flags [DF], proto UDP (17), length 442)

45.95.147.20.5294 > 230.98.127.140.5060: [udp sum ok] SIP, length: 414

OPTIONS sip:100@230.98.127.140 SIP/2.0

Via: SIP/2.0/UDP 45.95.147.20:5294;branch=z9hG4bK-3225388521;rport

Content-Length: 0

From: "sipvicious";tag=6536363237663863313363340134303035383937393534

Accept: application/sdp

User-Agent: friendly-scanner

To: "sipvicious"

Contact: sip:100@45.95.147.20:5294

CSeq: 1 OPTIONS

Call-ID: 1190968937188361579917431

Max-Forwards: 70