
PFSense - Suricata - Alerts - ET SCAN Sipvicious User-Agent Detected (friendly-scanner)

This is a scanner that looks for SIP servers.

SIP servers are part of your VoIP infrastructure.


Technically speaking, SIPvicious is a SIP auditing tool used to scan for and enumerate SIP devices and accounts.

It can be obtained freely from its Google Code archive, the Git repo or bundled with security auditing tools like Kali.

Originally intended for legitimate white hat security auditing for internal networks, in the hands of even the most bored of script kiddies it can cause some serious damage.

That lazy network admin using common username/password combos will yet again fall victim to this one.

SIPvicious will send INVITE or OPTIONS packets looking for responses from live hosts, then log the results to a file.

An attacker can then begin to enumerate valid usernames and passwords and, if successful, gain access.

In addition, these INVITEs commonly cause ghost calls (phones ring from random callers but no one's home). Worse still, they can even initiate unwanted calls.
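The check behind this alert, sketched as an added example for reviewing captured SIP traffic (not code from the original page, Suricata or the ET ruleset): it parses SIP requests, flags the friendly-scanner User-Agent from the alert title, and also flags a source whose INVITE/OPTIONS requests target many different users. The threshold, the second heuristic, the helper names and the sample messages and addresses are all constructed assumptions.

```python
import re
from collections import defaultdict

SCANNER_UA = "friendly-scanner"        # User-Agent string named in the alert title
PROBE_METHODS = {"INVITE", "OPTIONS"}  # request types the page says the scanner sends
ENUM_THRESHOLD = 3                     # assumed: distinct target users before flagging
REQUEST_LINE = re.compile(r"^([A-Z]+) (sips?:\S+) SIP/2\.0$")

def parse_sip_request(raw):
    """Return (method, headers) for a SIP request, or None for responses/junk."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return m.group(1), headers

def analyze(packets):
    """packets: iterable of (src_ip, raw_message). Returns {src_ip: set of reasons}."""
    findings, users = defaultdict(set), defaultdict(set)
    for src, raw in packets:
        parsed = parse_sip_request(raw)
        if parsed is None:
            continue
        method, headers = parsed
        if SCANNER_UA in headers.get("user-agent", "").lower():
            findings[src].add("scanner-user-agent")
        # The User-Agent is set by the sender, so also watch behaviour (assumed heuristic).
        to = re.search(r"sips?:([^@>;]+)@", headers.get("to", ""))
        if method in PROBE_METHODS and to:
            users[src].add(to.group(1))
            if len(users[src]) >= ENUM_THRESHOLD:
                findings[src].add("many-target-users")
    return dict(findings)

def _msg(method, user, ua):
    """Build a constructed SIP request for the sample data below."""
    return (f"{method} sip:{user}@192.0.2.10 SIP/2.0\r\n"
            f"To: <sip:{user}@192.0.2.10>\r\nuser-agent: {ua}\r\n\r\n")

# Constructed sample traffic (documentation address ranges only).
SAMPLE = [("198.51.100.7", _msg("OPTIONS", "100", "friendly-scanner"))]
SAMPLE += [("203.0.113.9", _msg("INVITE", u, "ExamplePhone/1.0")) for u in ("100", "101", "102")]
SAMPLE += [("192.0.2.50", _msg("INVITE", "200", "ExamplePhone/1.0")),
           ("192.0.2.50", "SIP/2.0 200 OK\r\n\r\n")]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```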


How Does it Work?

SIPVicious is made up of 4 components – The head, the front legs, the hind legs, and the torso. I’m kidding of course…there’s actually 5..


References

https://code.google.com/p/sipvicious/