Topic: Fun with SIP.
There's a softphone running on my work PC with auto-answer turned on. Obviously there are no trunks or lines behind it, so apart from having a chat (shooting the breeze) you can't do a damn thing with it. But I noticed how the SIP crackers operate... Below is a trace (not all of it, only a part). Some of the digits in my IP have been replaced with ***.
In short, it's amusing how all this works, and how often people try to break it (and eventually, at some point, they do). And then it costs lots and lots of money.
—————————————————————-
19:38:28,171: T: 83.244.48.37:10260 (UDP)
SIP/2.0 200 OK
Via: SIP/2.0/UDP 83.244.48.37:10260;branch=z9hG4bK-d87543-1021778881-1—d87543-;rport=10260
From: <sip:101@193.233.***.***>;tag=ee296d4b
To: <sip:0972598695627@193.233.***.***>;tag=809fbf98c53ee111b659001a92c458cc
Call-ID: 2a33835e8763f375
CSeq: 3 INVITE
Contact: <sip:0972598695627@193.233.***.***:5060>
Content-Type: application/sdp
Allow: INVITE, OPTIONS, ACK, BYE, CANCEL, INFO, NOTIFY, MESSAGE, UPDATE
Supported: replaces, from-change
Server: SIPPER for PhonerLite
Content-Length: 240
v=0
o=- 2855169794 3 IN IP4 193.233.***.***
s=SIPPER for PhonerLite
c=IN IP4 193.233.***.***
t=0 0
m=audio 5062 RTP/AVP 0 8 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=sendrecv
—————————————————————-
19:38:28,421: R: 83.244.48.37:10260 (UDP)
ACK sip:0972598695627@193.233.***.***:5060 SIP/2.0
To: <sip:0972598695627@193.233.***.***>;tag=809fbf98c53ee111b659001a92c458cc
From: <sip:101@193.233.***.***>;tag=ee296d4b
Via: SIP/2.0/UDP 83.244.48.37:10260;branch=z9hG4bK-d87543-810287787-1—d87543-;rport
Call-ID: 2a33835e8763f375
CSeq: 3 ACK
Contact: <sip:101@83.244.48.37:10260>
Max-Forwards: 70
User-Agent: eyeBeam release 3006o stamp 17551
Content-Length: 0
—————————————————————-
19:38:55,390: R: 83.244.48.37:10260 (UDP)
BYE sip:0972598695627@193.233.***.***:5060 SIP/2.0
To: <sip:0972598695627@193.233.***.***>;tag=809fbf98c53ee111b659001a92c458cc
From: <sip:101@193.233.***.***>;tag=ee296d4b
Via: SIP/2.0/UDP 83.244.48.37:10260;branch=z9hG4bK-d87543-438330141-1—d87543-;rport
Call-ID: 2a33835e8763f375
CSeq: 4 BYE
Contact: <sip:101@83.244.48.37:10260>
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
User-Agent: eyeBeam release 3006o stamp 17551
Content-Length: 0
19:38:55,390: Info Indication: 0F 00 01 00 08 82 45 81 01 01 00 00 45 80 00
19:38:55,390: Info Indication: disconnect
19:38:55,390: Info Response: 0C 00 01 00 08 83 45 81 01 01 00 00
19:38:55,390: Info Response
—————————————————————-
19:38:55,390: T: 83.244.48.37:10260 (UDP)
SIP/2.0 200 OK
Via: SIP/2.0/UDP 83.244.48.37:10260;branch=z9hG4bK-d87543-438330141-1—d87543-;rport=10260
From: <sip:101@193.233.***.***>;tag=ee296d4b
To: <sip:0972598695627@193.233.***.***>;tag=809fbf98c53ee111b659001a92c458cc
Call-ID: 2a33835e8763f375
CSeq: 4 BYE
Contact: <sip:0972598695627@193.233.***.***:5060>
Server: SIPPER for PhonerLite
Content-Length: 0
19:38:59,750: Disconnect B3 Indication: 0E 00 01 00 84 82 DF 81 01 01 01 00 00 00
19:38:59,750: Disconnect B3 Indication
19:38:59,750: Disconnect B3 Response: 0C 00 01 00 84 83 DF 81 01 01 01 00
19:38:59,750: Disconnect B3 Response
19:38:59,750: Disconnect Request: 12 00 01 00 04 80 EF 11 01 01 00 00 05 00 00 00 00 00
19:38:59,750: Disconnect Request
19:38:59,750: Disconnect Indication: 0E 00 01 00 04 82 E0 81 01 01 00 00 00 34
19:38:59,750: Disconnect Indication:
19:38:59,765: Disconnect Response: 0C 00 01 00 04 83 E0 81 01 01 00 00
19:38:59,765: Disconnect Response
—————————————————————-
19:38:59,750: R: Windows firewall close UDP port (RTP): 5062
success
—————————————————————-
19:38:59,750: R: Windows firewall close UDP port (RTCP): 5063
success
—————————————————————-
19:39:07,031: R: 83.244.48.37:10260 (UDP)
REGISTER sip:193.233.***.*** SIP/2.0
To: <sip:101@193.233.***.***>
From: <sip:101@193.233.***.***>;tag=90234e44
Via: SIP/2.0/UDP 83.244.48.37:10260;branch=z9hG4bK-d87543-189144317-1—d87543-;rport
Call-ID: 79630d1eed25763b
CSeq: 2 REGISTER
Contact: <sip:101@83.244.48.37:10260>;expires=0
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
User-Agent: eyeBeam release 3006o stamp 17551
Content-Length: 0
—————————————————————-
19:39:07,031: T: 83.244.48.37:10260 (UDP)
SIP/2.0 200 OK
Via: SIP/2.0/UDP 83.244.48.37:10260;branch=z9hG4bK-d87543-189144317-1—d87543-;rport=10260
From: <sip:101@193.233.***.***>;tag=90234e44
To: <sip:101@193.233.***.***>;tag=80df0ae5c53ee111b665001a92c458cc
Call-ID: 79630d1eed25763b
CSeq: 2 REGISTER
Contact: <sip:101@193.233.***.***:5060>
Allow: INVITE, OPTIONS, ACK, BYE, CANCEL, INFO, NOTIFY, MESSAGE, UPDATE
Server: SIPPER for PhonerLite
Expires: 0
Content-Length: 0
—————————————————————-
20:09:42,671: R: 208.87.243.142:5083 (UDP)
OPTIONS sip:100@193.233.***.*** SIP/2.0
Via: SIP/2.0/UDP 208.87.243.142:5083;branch=z9hG4bK-544890833;rport
Content-Length: 0
From: “sipvicious”<sip:100@1.1.1.1>; tag=6331653934373730313363340132393035323535393333
Accept: application/sdp
User-Agent: friendly-scanner
To: “sipvicious”<sip:100@1.1.1.1>
Contact: sip:100@208.87.243.142:5083
CSeq: 1 OPTIONS
Call-ID: 1108204265889706123682218
Max-Forwards: 70
—————————————————————-
20:09:42,671: T: 208.87.243.142:5083 (UDP)
SIP/2.0 200 OK
Via: SIP/2.0/UDP 208.87.243.142:5083;branch=z9hG4bK-544890833;rport=5083
From: “sipvicious” <sip:100@1.1.1.1>;tag=6331653934373730313363340132393035323535393333
To: “sipvicious” <sip:100@1.1.1.1>;tag=00a7c92aca3ee111b665001a92c458cc
Call-ID: 1108204265889706123682218
CSeq: 1 OPTIONS
Contact: <sip:100@193.233.***.***:5060>
Allow: INVITE, OPTIONS, ACK, BYE, CANCEL, INFO, NOTIFY, MESSAGE, UPDATE
Server: SIPPER for PhonerLite
Content-Length: 0
I didn't attach everything, but I can tell you that they tried dialing various combinations of leading digits to place a call to the number +972598695627 (like To: <sip:8810972598695627@193…. and others)
They're hard at work, the beauties, keeping watch! :cheese:
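
An added example, not part of the original post: a small detector for a softphone trace in the layout shown above. It flags peers that carry the scanner strings seen in the trace and peers that send INVITEs to the same trailing digits through different dial prefixes, which is the probing the post describes. The sample trace, its addresses and dialled numbers are constructed, and the 9-digit tail length is an assumption.

```python
import re
from collections import defaultdict

# Constructed trace in the post's layout; addresses and dialled numbers are made up.
SAMPLE = """\
20:09:42,671: R: 203.0.113.7:5083 (UDP)
OPTIONS sip:100@192.0.2.10 SIP/2.0
From: "sipvicious"<sip:100@1.1.1.1>;tag=abc
User-Agent: friendly-scanner
19:38:20,100: R: 198.51.100.9:10260 (UDP)
INVITE sip:0015550100199@192.0.2.10 SIP/2.0
User-Agent: eyeBeam release 3006o stamp 17551
19:38:24,100: R: 198.51.100.9:10260 (UDP)
INVITE sip:8100015550100199@192.0.2.10 SIP/2.0
19:38:28,171: T: 198.51.100.9:10260 (UDP)
SIP/2.0 200 OK
"""

HEAD = re.compile(r"^\d\d:\d\d:\d\d,\d+: ([RT]): (\S+?):\d+ \(UDP\)$")
REQ = re.compile(r"^([A-Z]+) sip:(?:([^@\s]+)@)?\S+ SIP/2\.0$")
SIGNATURES = ("friendly-scanner", "sipvicious")  # strings visible in the post's trace

def parse(trace):
    """Split the trace into messages: direction, peer IP, start line, headers."""
    msgs = []
    for line in trace.splitlines():
        m = HEAD.match(line.strip())
        if m:
            msgs.append({"dir": m.group(1), "ip": m.group(2), "start": None, "hdr": {}})
        elif msgs and msgs[-1]["start"] is None:
            msgs[-1]["start"] = line.strip()
        elif msgs and ": " in line:
            key, value = line.split(": ", 1)
            msgs[-1]["hdr"][key.strip().lower()] = value
    return msgs

def findings(trace, tail=9):
    """Return sorted (peer_ip, reason) pairs for received (R) requests."""
    out, dialled = set(), defaultdict(set)
    for m in (x for x in parse(trace) if x["dir"] == "R"):
        ident = (m["hdr"].get("user-agent", "") + m["hdr"].get("from", "")).lower()
        if any(s in ident for s in SIGNATURES):
            out.add((m["ip"], "scanner-signature"))
        req = REQ.match(m["start"] or "")
        if req and req.group(1) == "INVITE" and (req.group(2) or "").isdigit():
            dialled[(m["ip"], req.group(2)[-tail:])].add(req.group(2))
    # Same trailing digits reached through different dial prefixes = prefix probing.
    out.update((ip, "prefix-probing") for (ip, _), nums in dialled.items() if len(nums) > 1)
    return sorted(out)
```

Calling findings(SAMPLE) returns the two flagged peers with their reasons; the result can feed a firewall block list for the SIP port.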