SIP Vicious

This topic contains 0 replies, has 1 voice, and was last updated by  Negrita 6 years, 4 months ago.

  • Author
    Posts
  • #8433
     Negrita 
    Participant

    Hi All,
    It’s been a while since I last posted here, but I’ve come across an issue that only a community like this can help me with.
    The issue is regarding a tool called SIP Vicious. I deliberated whether to put this in the Tools section or the Malware section. Don feel welcome to move the thread if you feel it’s in the wrong place.

    SIP Vicious is a valid open source SIP auditing tool which has been exploited extensively for malicious intent. I’m not going to go into exactly what the tool can do (you can search for that on your own).

    The issue I have is identifying the mailicious traffic and separating it from valid SIP traffic. Until now the only way that I’ve found to do this is by looking at the user agent. So far I have identified 2 different user agents used by this tool in the field;
    1. User-Agent: friendly-scanner
    2. User-Agent: sundayddr

    My question is – has anyone here ever come across this tool using a different user agent? If yes what was the user agent used? Do you have any references to this on the internet and/or sniffer captures showing this?

    I know that as the source code is open anyone can actually download the tool and change the user agent at will if they go into the code before using it, but so far we have only found the 2 user agents mentioned above.

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?