Massive SIP Attacks with VPN?
September 7, 2022
The picture
I like to keep an eye on the hourly data statistics of my honeypots just to see if anything interesting pops up. A couple of weeks back I saw something that I just had to take a screenshot of.
[Screenshot of the automated traffic]
It screamed automation. I quickly tried to see if it was another round of traffic similar to the proxy relay traffic that happened some time back …… It wasn’t, so I didn’t make too much of it.
Open Relay Abuse
March 31, 2022
The story
I really didn’t give much attention to the ‘Country analysis’ world heatmap tab on the SIP honeypot data web interface until one day I noticed that every hour there were over 100 unique IP addresses from the US attacking my honeypots. Checking the database, I noticed a pattern in the format of the stored headers in the database. Next, I checked the source IPs of the suspicious traffic in Shodan.