67.215.13.186からの不正なSIP着信
Published: 2009/03/04
量は少なく、対象も限定的になっていますが、しつこく続きますね。「67.215.13.194からの不正なSIP着信 つづき」から微妙にアドレスが変わりました。
Session Initiation Protocol Request-Line: OPTIONS sip:9675@*.*.*.* SIP/2.0 Method: OPTIONS [Resent Packet: False] Message Header Via: SIP/2.0/UDP 0.0.0.0:57276;branch=086255A5-D1FF-1CD0-368C-18B025705CFE;rport Transport: UDP Sent-by Address: 0.0.0.0 Sent-by port: 57276 Branch: 086255A5-D1FF-1CD0-368C-18B025705CFE RPort: rport Max-Forwards: 70 To: <sip:9675@*.*.*.*> SIP to address: sip:9675@*.*.*.* From: <sip:6105@*.*.*.*>;tag=921A6CEB-0361-0E21-EAEB-2AA02CFB571F SIP from address: sip:6105@*.*.*.* SIP tag: 921A6CEB-0361-0E21-EAEB-2AA02CFB571F Call-ID: 96A8A473-25F5-A666-0FF2-3A96C0487E68 CSeq: 1 OPTIONS Sequence Number: 1 Method: OPTIONS Contact: <sip:@0.0.0.0:57276;transport=udp> Contact Binding: <sip:@0.0.0.0:57276;transport=udp> URI: <sip:@0.0.0.0:57276;transport=udp> SIP contact address: sip:@0.0.0.0:57276 Accept: application/sdp Content-Length: 0
攻撃元はあいかわらずGTCOMMで、アドレスが割り当てられているのはケニアの方となっています。
CustName: Jake Harolds Address: N/A City: Nairobi StateProv: N/A PostalCode: Country: KE RegDate: 2009-02-08 Updated: 2009-02-08 NetRange: 67.215.13.184 - 67.215.13.191 CIDR: 67.215.13.184/29 NetName: GTCOMM-166 NetHandle: NET-67-215-13-184-1 Parent: NET-67-215-0-0-1 NetType: Reassigned Comment: RegDate: 2009-02-08 Updated: 2009-02-08
by jyake