cNotes 検索 一覧 カテゴリ

不正なSIP着信 68.168.112.252

Published: 2009/12/18

いつものINVITE Floodです。もしくは、オープンなSIPサーバーと思われているかのどちらか。

送信元はこのあたりから。

 68.168.112.252
 66.117.50.180
 216.246.7.86
 113.105.152.54
 113.105.152.58
 113.105.152.211

 CustName:   Jake Harolds
 Address:    18 Valley Road
 City:       Nairobi
 StateProv:  N/A
 PostalCode: 
 Country:    KE
 RegDate:    2009-08-24
 Updated:    2009-08-24
 
 NetRange:   68.168.112.240 - 68.168.112.255 
 CIDR:       68.168.112.240/28 
 NetName:    GTCOMM-578

 OrgName:    Carpathia Hosting, Inc. 
 OrgID:      CARPA-3
 Address:    PO Box 2145
 City:       Ashburn
 StateProv:  VA
 PostalCode: 20146
 Country:    US
 
 ReferralServer: rwhois://rwhois.carpathiahost.com:4321
 
 NetRange:   66.117.32.0 - 66.117.63.255 

 CustName:   HostForWeb Inc
 Address:    7061 N. Kedzie Ave
 Address:    Suite 302
 City:       Chicago
 StateProv:  IL
 PostalCode: 60645
 Country:    US
 RegDate:    2006-09-07
 Updated:    2006-09-07
 
 NetRange:   216.246.7.0 - 216.246.7.255 
 CIDR:       216.246.7.0/24 
 NetName:    SCNET-216-246-7-0
 NetHandle:  NET-216-246-7-0-1
 Parent:     NET-216-246-0-0-1
 NetType:    Reassigned

 inetnum:      113.96.0.0 - 113.111.255.255
 netname:      CHINANET-GD
 descr:        CHINANET Guangdong province network
 descr:        Data Communication Division
 descr:        China Telecom
 country:      CN

特徴は68.168.112.252からのCall-IDは

このような文字列のものと、

 lJ9e1IsKdlM0uyNpmEHdeBCraYHMfQpc8KRu8FPG5vZa4w37H3jZetd5xwyh
 X7jyUcPAwctwmDMUuProVMHcRPONRNQs4pK9qFlczurVJtH5IPUR7FTKBKft
 aPVlVMGlZArNrkVu0URUyN57gp4bPaeEDaKoKXHuQ9SiJDfyp1tpkyiZKueL

66.117.50.180,216.246.7.86,113.105.152.54,113.105.152.58,113.105.152.211からはこのようなまっとうな感じのもの。

 213948958-00415204868-384748@66.117.50.225
 213948958-01048265865-384748@66.117.50.225

 User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 4596 (4596)
    Source port: 5060 (5060)
    Destination port: 4596 (4596)
    Length: 557
    Checksum: 0x5bc5 [incorrect, should be 0x2a70 (maybe caused by "UDP checksum offload"?)]
        [Good Checksum: False]
        [Bad Checksum: True]
 Session Initiation Protocol
    Status-Line: SIP/2.0 603 Declined
        Status-Code: 603
        [Resent Packet: True]
        [Suspected resend of frame: 19032]
    Message Header
        Via: SIP/2.0/UDP 68.168.112.252:4596;branch=NXVcXGr-VytWMJ-
 7BmVWXqva8xApZjL-1--FlgsoU-;received=68.168.112.252;rport=4596
            Transport: UDP
            Sent-by Address: 68.168.112.252
            Sent-by port: 4596
            Branch: NXVcXGr-VytWMJ-7BmVWXqva8xApZjL-1--FlgsoU-
            Received: 68.168.112.252
            RPort: 4596
        From: "11940352946"<sip:11940352946@x.x.x.x>;tag=9b921b3e
            SIP Display info: "11940352946"
            SIP from address: sip:11940352946@x.x.x.x
            SIP tag: 9b921b3e
         
 To: "002333155786056@x.x.x.x"<sip:002333155786056@x.x.x.x>;tag=as129f42c7
            SIP Display info: "002333155786056@x.x.x.x"
            SIP to address: sip:002333155786056@x.x.x.x
            SIP tag: as129f42c7
        Call-ID: O7XQWiSIWCaObFhDbFWkw8gyWw8mN3tC24HZVJTxppCshKMRyjTS6fnEFWQ3
        CSeq: 1 INVITE
            Sequence Number: 1
            Method: INVITE
        User-Agent: Asterisk PBX
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
        Contact: <sip:002333155786056@x.x.x.x>
            Contact Binding: <sip:002333155786056@x.x.x.x>
                URI: <sip:002333155786056@x.x.x.x>
                    SIP contact address: sip:002333155786056@x.x.x.x
        Content-Length: 0

[カテゴリ:IP電話観察日記]

by jyake

Powered by FreeStyleWikiLite X

TOP

Contents

About cNotes

What's New

2014/10/04 2014/08/22 2014/08/21 2014/08/15 2014/07/22 2014/07/01 2014/06/29 2014/06/28 2014/04/29 2014/04/28

2009年12月18日 09時33分27秒