Mysterious SIP Brute force

Strangely I keep getting SIP 5060 mysterious phone calls, with 'Unrecognized RTP' from Santa Monica and New York, what would the purpose of those be?
They must be randomly trying IP's on port 5060, but why?
Silas2Asked:
Who is Participating?
 
agonza07Commented:
Check this out.

http://blog.sipvicious.org/

In this case, however, things are a bit different. While launching an INVITE scan on a vulnerable PBX system can be useful for the hacker, doing the same thing on an IP Phone (or VoIP Phone) just makes it ring. While some phones will only ring when the correct number is called, others ring when any number (or rather, any SIP address) is specified in the INVITE message. So the attackers/hackers/cyber-criminals ended up getting phones to ring. I think this is a mistake that they were making, possibly because they are not differentiating between a phone and a PBX system
0
 
agonza07Commented:
Lots of hackers out there in the world, and bunch of programs just scanning the internet.

I had a brand new phone installation a while back, and before I could bring up the firewall, I already had someone hacking my phone system making calls to Jamaica...
0
 
Silas2Author Commented:
Yes, but how could they hack thru a sip phone? I'm just curious. They phone into it, are they then trying to piggy-back off my registration? They would have to find some way of taking control of the phone wouldn't they?
A rogue incoming call can't do anything can it?
Is there some buffer overflow attack on SIP phones?
0
 
Silas2Author Commented:
Yes, thanks,  that's probably it.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.