Differences

This shows you the differences between two versions of the page.

--- squid:alerts:et_scan_sipvicious_user-agent_detected_friendly-scanner [2020/04/07 12:15] – created peter
+++ squid:alerts:et_scan_sipvicious_user-agent_detected_friendly-scanner [2021/01/04 20:33] (current) – [Squid - Alerts - ET SCAN Sipvicious User-Agent Detected (friendly-scanner)] peter
@@ Line 1: / Line 1: @@
 ====== Squid - Alerts - ET SCAN Sipvicious User-Agent Detected (friendly-scanner) ======
-This is a scanner that looks for SIP servers.
+This is a scanner that looks for [[https://en.wikipedia.org/wiki/List_of_SIP_software|SIP]] servers.
-SIP Servers are part of your VOIP infrastructure
+[[https://en.wikipedia.org/wiki/List_of_SIP_software|SIP Servers]] are part of your VOIP infrastructure
 ----
@@ Line 20: / Line 20: @@
 An attacker can then begin to enumerate for valid usernames and passwords which if successful, can get access.
-In addition, these Invites commonly cause what I call “ghost calls” (phones ring from random callers but no one’s home).  Worse still, they can even initiate un-wanted calls.
+In addition, these Invites commonly cause “ghost calls” (phones ring from random callers but no one’s home).  Worse still, they can even initiate un-wanted calls.
 ----
@@ Line 28: / Line 28: @@
 **SIPVicious** is made up of 4 components – The head, the front legs, the hind legs, and the torso. I’m kidding of course…there’s actually 5..
-**Svcrack** – Used to crack SIP passwords for a given username. Brute force or dict-based.
+  * **Svcrack:** – Used to crack SIP passwords for a given username.  Brute force or dict-based.
+  * **Svreport:** – Store session info for later use, ie; Cracking a password or reading packets elsewhere.
-**Svreport** – Store session info for later use, ie; Cracking a password or reading packets elsewhere.
+  * **Svmap:** – “The annoying one” that does the scanning for open SIP targets – usually with an INVITE or OPTIONS request.
+  * **Svwar:** – Scans for and enumerates phones on the network.
-**Svmap** – “The annoying one” that does the scanning for open SIP targets – usually with an INVITE or OPTIONS request.
+    * It probes for phones by sending packets out and listens for a response, same as above but it seems there’s more manipulation that can be done in terms of what the packets are and what size.
+    * This could potentially be used as a DDoS tool. <code bash>
-**Svwar** – Scans for and enumerates phones on the network.
-It probes for phones by sending packets out and listens for a response, same as above but it seems there’s more manipulation that can be done in terms of what the packets are and what size. This could potentially be used as a DDoS tool.
-<code bash>
 svmap 192.168.1.0/24 -v
 INFO:ImaFly:trying to get self ip .. might take a while
@@ Line 46: / Line 41: @@
 INFO:ImaFly:Looks like we received a SIP request from 192.168.1.22:5060
 </code>
+  * **Svcrash** – Defend and Counter-attack tool against ..itself.
+    * This tool can be setup to read the asterisk log and automatically obtain a would be attackers IP and Port, attempting to shut down his agent with a malformed response packet.
-**Svcrash** – Defend and Counter-attack tool against ..itself.
+    * Manual entries can also be set and optional Brute force on the destination port!
-This tool can be setup to read the asterisk log and automatically obtain a would be attackers IP and Port, attempting to shut down his agent with a malformed response packet (more on that later). Manual entries can also be set and optional Brute force on the destination port – woot woot!
 ----