FWIW, we routinely see dodgy traffic from:
ovh.net
hetzner.de
But since those are 2 of the larger short-term contract dedicated server vendors, I'm not surprised about that. It's so frequent that I don't even bother reporting it any more - when an abuse report is acted upon and the server shut down, another pops up to take its place.
all going to 972-59-* numbers (i.e. Paltel/Jawal mobile customers).
Likewise here. Well, not all, but a sizeable percentage of it. We're based in the UK.
Why would an internet subscriber from hadara.ps, for instance, want to call a Paltel mobile user via some remotely hacked SIP PBX thousands of miles away given that Paltel is partially owned by Hadara Technology Investment Co. (and Paltel leases long-haul infrastructure from Hadara anyway)?
Are you perhaps reading too much into it? There are insecure servers and computers all over the internet. These are (ab)used and co-opted into botnets which are in turn used to compromise SIP servers. I suspect that it's probably a financial goal (free calls, or substantial termination payouts) rather than a political goal the perpetrators are seeking.
I'd be curious to know what everyone else's experiences have been like, and why 95% or better of the SIP attacks on my PBX are destined for Paltel mobile subscribers.
Perhaps the termination payout on those numbers is particularly good, and/or regulation/investigation into abuse isn't so good?
Kind regards,
Chris
