cNotes 検索 一覧 カテゴリ

不正なSIP着信 44

Published: 2011/06/02

ここ2週間分。

IPnameASAS name頻度
128.105.104.102adsl-02.cs.wisc.edu.59UW-MadisonUS11034
168.143.155.165NONE2914NTT-COMMUNICATIONS-2914US1
80.196.152.2500x50c498fa.cpe.ge-0-1-0-1101.bllnqu1.customer.tele.dk.3292TDCDK1
125.75.128.136136.128.125.75.gs.dynamic.163data.com.cn.4134CHINA-TELECOMCN2
218.22.26.132132.26.22.218.broad.static.hf.ah.cndata.com.4134CHINA-TELECOMCN10590
61.146.178.173NONE4134CHINA-TELECOMCN2
114.78.121.31d114-78-121-31.bla22.nsw.optusnet.com.au.4804MPX-ASAU2
203.156.200.233NONE4812CHINANET-SH-APCN2
203.156.200.233NONE4812CHINANET-SH-APCN2
116.255.134.233NONE4837CHINA169-BACKBONECN1
200.111.178.53NONE6471NO_ENTRIESCL1
195.96.170.110NONE6863ROSNET-ASRU2
195.96.170.110NONE6863ROSNET-ASRU2
187.141.91.37customer-187-141-91-37-sta.uninet-ide.com.mx.8151LACNIC-8151MX2
85.88.131.78NONE8220COLTPT2
212.16.203.52host-203-52.hosts.vtc.ru.8920VTC-ASRU2
58.6.193.145dsl-58-6-193-145.wa.westnet.com.au.9543WESTNET-AS-APAU2
61.19.112.38NONE9931CAT-APTH1
88.191.98.176static.bankexam.fr.12322PROXADFR151
190.145.30.90NONE14080ASN-TELMEX-COLOMBIACO2
66.199.232.9866-199-232-98.reverse.ezzi.net.15149EZZI-101-BGPUS1
201.130.192.150201-130-192-150-cable.cybercable.net.mx.16960LACNIC-16960MX2
220.248.96.20NONE17621CNCGROUP-SHCN1
190.187.112.162NONE19180NO_ENTRIESPE1
50.56.30.19250-56-30-192.static.cloud-ips.com.19994RACKSPACE-SATUS63995
184.82.41.66184-82-41-66.hostnoc.net.21788BurstNetUS10078
67.15.68.34ns1.1server4u.com.21844THEPLANET-AS2US11001
75.125.1.114ns1.mylocalnet.com.21844THEPLANET-AS2US2
200.105.245.44corp-200-105-245-44-uio.punto.net.ec.22724NO_ENTRIESEC2
64.235.53.82lasvegas-nv-datacenter.com.26277NO_ENTRIESUS2
64.85.166.198b04s06ur.corenetworks.net.30517GREAT-LAKES-COMNETUS2
173.0.50.121NONE32097RoadRunnerUS13430
173.0.61.93NONE32097RoadRunnerUS1802
208.88.8.219NONE40603NO_ENTRIESUS2
124.217.230.31NONE45839NO_ENTRIESMY2
221.177.170.113NONE56047NO_ENTRIESCN1
41.72.134.36NONE65419NO_ENTRIESZA2

bruteforceに利用されるIDは、

相変わらず「不正なSIP着信 32」のようなシーケンシャルな数字、単語辞書なものが多いですが、

最近このような意図不明?バグ?なIDが大量に利用されるようになっています。

  10/10/60
  10/10/61
  10/10/62
  10/10/63
  10/10/64
  10/10/65
  10/10/66
  10/10/67
  10/10/68
  10/10/69
  10/10/70
  10/10/71
  10/10/72
  10/11/60
  10/11/61
  11/5/60
  11/5/61
  11/5/62
  11/5/63
  11/5/64
  11/5/65
  11/5/66
  9/9/69
  9/9/70
  9/9/71
  9/9/72
  ac/dc
  /dev/null
  /etc/passwd
  /.,m
  /.,mn
  /.,mnb
  os/2
  tcp/ip
  /usr/group
  /.,

[カテゴリ:IP電話観察日記]

by jyake