Continued exploit of open relay #SIP REGISTER attack occurring, with increased activity over the last 12 hours. Most IP addresses have already been seen, and the vast majority of systems (doing the relaying) are Ingate Systems (the SIParator SBC). No response from Ingate.
Help protect your systems with #APIBAN (https://apiban.org), a free service, thanks to our sponsors.
Posted to LinkedIn regarding the continued #SIP open relay REGISTER attack seen by #APIBAN honeypots.
https://www.linkedin.com/posts/qxork_apiban-block-bad-sip-traffic-activity-7095054036319494144-Tfbd
I really like the GitHub sponsor feature... nice, simple way to help an open source project you're using keep on keepin' on (as Joe Dirt would say).
For example, I love simplecss.com... and @kev made it easy to sponsor.
(By the way... you can sponsor #APIBAN if you're finding it helpful, or even if you're not... you can still sponsor)
Seeing a huge spike in REGISTER traffic attacking SIP servers out there. Many seem to be using Ingate SIParator SBC as an open relay.
APIBAN (https://apiban.org) is a free service to help protect you from these attacks.
Also, a good analysis of the last attack (written by Ivan Kwabena Nyarko) can be found here:
https://www.kwancro.com/post/another-open-relay-scan/
My slides from this year's Kamailio World 2023 presentation "Using APIBAN in Production"
There's a great new post from Ivan Nyarko discussing the #SIP open relay attacks we saw recently hitting #APIBAN (and impacting some smaller carriers):
https://www.kwancro.com/post/another-open-relay-scan/
Ivan is amazing at analyzing this data and his write-ups are simply a great read.
Very honored to be on this week's #ClueCon Weekly:
https://www.youtube.com/watch?v=2uBafByhUEE
I talk about #APIBAN, #Kamailio, #KamailioWorld, and #FreeSWITCH (as well as the upcoming ClueCon in Chicago).
#cluecon #apiban #Kamailio #kamailioworld #freeswitch
Running a #sip server? Please check that you're not an open relay.
APIBAN has seen a dramatic increase in open relay servers being exploited (impacting some b2b providers).
Ivan Nyarko has a great tool to help test your server:
https://kwanlabs.com
A huge amount of unwanted #SIP / #VOIP traffic coming out of Japan over the last few days. Since the 29th, over 2700 active IP addresses were added to the block list.
Some example networks:
122.214.163.128/25
122.219.179.0/25
59.87.14.0/25
122.219.179.128/25
58.13.250.128/25
59.87.50.0/25
If you're using #APIBAN, these have already been blocked. Not using APIBAN? Think again... it's free (thanks to our sponsors). https://apiban.org
My video about APIBAN from #ClueCon has been posted to their YouTube channel:
My very good friend Ivan Nyarko (who has not come to Mastodon yet) has been supporting APIBAN from when it was just an idea.
He generously provides honeypots and above that… collects, analyzes, and even publishes the data:
https://www.kwancro.com/honeypotdata/
His site even now has a link to buy him a coffee (and help support his honeypot addiction).
Enjoy.