[Serusers] Strange "sip scans" from "qualsys.com"

Jiri Kuthan jiri at iptel.org
Mon Feb 9 11:58:30 CET 2004

You are on the public Internet... people can send you any stuff.
We see people polling whether iptel runs, messages from telephones 
which are broken, misconfigured or both. Lot of unnecessary traffic.
(BTW -- DNS operators have similar experince, about 80% traffic
is crap.) We haven't seen SIP messages from qualsys though, 
even when we tried their free security scan.


At 08:45 AM 2/9/2004, Arnd Vehling wrote:
>while strolling through my sip server logile ive came accross some strange unauthorized sip messages originating from "scan.qualsys.net":
>(ip address has been logged to)
>OPTIONS sip:scan.qualys.com SIP/2.0
>Via: SIP/2.0/UDP scan.qualys.com:5060;branch=z9hG4bKnashds7
>Max-Forwards: 70
>To: Foo <sip:foo at scan.qualys.com>
>From: Foo <sip:foo at scan.qualys.com>;tag=456248
>Call-ID: 843817637684230 at 998sdasdh09
>CSeq: 1826 OPTIONS
>Accept: application/sdp
>Content-Length: 0
>These packets could be found in ALL our SIP Proxy logs and they
>are clearly unauthorized.
>Has anyone a idea what this could be about or found similiar
>sip messages in his log?
>-- Arnd
>Serusers mailing list
>serusers at lists.iptel.org

Jiri Kuthan            http://iptel.org/~jiri/ 

More information about the sr-users mailing list