Asterisk scanning with SIPVicious

A while back I wrote a blog post describing what SIPVicious was and how to scan your server with it – http://sysadminman.net/blog/2009/hacking-and-securing-your-asterisk-server-592

I would recommend doing this to your own Asterisk server because even if you don’t, someone else will!

One of the annoyances of older versions of SIPVicious was that even if you blocked the incoming traffic (using something like fail2ban), SIPVicious didn’t care and would carry on sending scanning packets, even though it got no reply to them. This could go on for days, normally until the scanning server’s provider pulled the plug on the script kiddies. If the scan was from a server with a lot of available bandwidth you could end up with a large amount of incoming traffic.
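To put a number on the traffic a blocked scanner keeps sending, the following added example (not from the original post or from SIPVicious) summarises dropped SIP packets per source. It assumes an iptables LOG rule with the hypothetical prefix `SIP-BLOCKED ` ahead of the DROP rule and ISO timestamps in syslog; the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed, trimmed kernel log lines (not real traffic). Assumes a LOG rule
# with the hypothetical prefix "SIP-BLOCKED " sits ahead of the DROP rule.
SAMPLE_LOG = """\
2010-06-20T10:00:00 pbx kernel: SIP-BLOCKED IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=420 PROTO=UDP SPT=5061 DPT=5060
2010-06-20T10:00:05 pbx kernel: SIP-BLOCKED IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=400 PROTO=UDP SPT=5070 DPT=5060
2010-06-20T10:00:35 pbx kernel: SIP-BLOCKED IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=400 PROTO=UDP SPT=5070 DPT=5060
2010-06-21T10:00:00 pbx kernel: SIP-BLOCKED IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=420 PROTO=UDP SPT=5061 DPT=5060
2010-06-22T10:00:00 pbx kernel: SIP-BLOCKED IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=430 PROTO=UDP SPT=5061 DPT=5060
2010-06-22T10:00:01 pbx kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40000 DPT=22
not a log line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*SIP-BLOCKED .*?SRC=(?P<src>\S+) "
    r".*?LEN=(?P<len>\d+) .*?DPT=5060\b")

def persistent_senders(log_text, min_seconds=3600):
    """Map each source still hitting port 5060 at least min_seconds after
    its first dropped packet to (packets, bytes, seconds_active)."""
    stats = defaultdict(lambda: [0, 0, None, None])  # pkts, bytes, first, last
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other ports, other rules, garbage
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue  # unparseable timestamp
        s = stats[m["src"]]
        s[0] += 1
        s[1] += int(m["len"])
        s[2] = ts if s[2] is None else min(s[2], ts)
        s[3] = ts if s[3] is None else max(s[3], ts)
    return {src: (p, b, int((last - first).total_seconds()))
            for src, (p, b, first, last) in stats.items()
            if (last - first).total_seconds() >= min_seconds}

if __name__ == "__main__":
    for src, (p, b, secs) in persistent_senders(SAMPLE_LOG).items():
        print(f"{src}: {p} packets, {b} bytes over {secs / 3600:.1f} h")
```

A source that appears here days after the ban went in is one that ignores the lack of replies, which is the behaviour of the older releases described above.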

The developer of SIPVicious has released a small utility called svcrash.py, included with v0.2.6 of the package. It is designed to interrupt the scan by sending packets that crash svwar and svcrack running on the scanning system. It does this by abusing a bug in older versions of the software.

Version 0.2.6 of SIPVicious does not continue scanning remote systems when it receives no reply to the scanning packets.

You can find out more details about SIPVicious and the new features here – http://blog.sipvicious.org/2010/06/how-to-crash-sipvicious-introducing.html

I haven’t tried svcrash.py myself yet so use at your own risk.