Hello:
We are starting to get more and more SIPVicious scans. Today, we received a scan and now when some (but not all) of our phones dial extension 100, instead of "To: 100" we see "To: sipvicious".
I understand most SIPV scans are attempts to enumerate VOIP systems for potential exploitation, with the end goal often being to use the switch to dial out at no cost to the attacker. Listed below are the things I'm checking, since the owner and staff are freaking out a bit:
- The CDR records (nothing suspicious there)
- The VOIP trunk provider CDR logs (nothing suspicious there)
- System logs (nothing suspicious, but they do not go back to the timeframe of the scan)
So I have a couple of questions:
1. Why is "sipvicious" showing up when a user dials 100? (I've looked through all config options on UC320W but didn't see anything amiss)
2. Are there known SIP vulnerabilities in firmware 2.3.2(6)?
3. Are there settings in the UC320W that would help mitigate these SIP scans?
Thank you for your help,
Todd