Strange log message. SIP?

Status
Not open for further replies.

serk1

Cadet
Joined
Mar 25, 2015
Messages
6
I noticed the following message in my logs. Can anyone provide any information on whether this is something to be concerned about or if it is just somebody scanning?

Jan 18 02:01:47 loft10361 OPTIONS sip:100@169.229.XXX.XXX SIP/2.0
Via: SIP/2.0/UDP 85.25.217.47:11585;branch=z9hG4bK-2354356570;rport
Content-Length: 0
From: "sipvicious"<sip:100@1.1.1.1>;tag=6139653539653134303430370132313235313832313239
Accept: application/sdp
User-Agent: friendly-scanner
To: "sipvicious"<sip:100@1.1.1.1>
Contact: sip:100@85.25.217.47:11585
CSeq: 1 OPTIONS
Call-ID: 144467919905082312292289
Max-Forwards: 70
 

serk1

Cadet
Joined
Mar 25, 2015
Messages
6
Not that I know of. That IP address (85.25.217.47) is in Germany and I am in California.
 

depasseg

FreeNAS Replicant
Joined
Sep 16, 2014
Messages
2,874
What log was that in? Hopefully not on FreeNAS.
 

tvsjr

Guru
Joined
Aug 29, 2015
Messages
959
SIPVicious is a SIP scanner (supposedly "friendly" but can be used by ne'er-do-wells too). Do you have your FreeNAS exposed to the Internet, specifically ports 5060-5061? I have this creeping suspicion that you may have been overly permissive with your firewall/router...
 

serk1

Cadet
Joined
Mar 25, 2015
Messages
6
Okay, thanks. I was wondering if this was just a random scan or something more. Seems random.
 

tvsjr

Guru
Joined
Aug 29, 2015
Messages
959
Point is, you shouldn't have the SIP ports exposed to the world. You need to take a good look at your firewall/router config. If SIP is open, you probably have other stuff open, which makes you a target for getting pwn3d.
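
The request logged in the first post carries two strings that identify the tool named in the replies: the `friendly-scanner` User-Agent and the `sipvicious` display name in From. The Python below is an added example, not part of the original thread, that parses such a logged request and reports those fingerprints along with the Via source address; the marker list, the function names and the benign sample are assumptions of this example.

```python
import re

# Strings seen in the request logged in this thread; this short list is an
# assumption of the example, not a complete signature set.
SCANNER_MARKERS = ("friendly-scanner", "sipvicious")

# The request from the first post, abridged (destination already redacted there).
THREAD_SAMPLE = """Jan 18 02:01:47 loft10361 OPTIONS sip:100@169.229.XXX.XXX SIP/2.0
Via: SIP/2.0/UDP 85.25.217.47:11585;branch=z9hG4bK-2354356570;rport
Content-Length: 0
From: "sipvicious"<sip:100@1.1.1.1>;tag=6139653539653134303430370132313235313832313239
User-Agent: friendly-scanner
To: "sipvicious"<sip:100@1.1.1.1>
CSeq: 1 OPTIONS
Max-Forwards: 70\u200b"""

# Constructed contrast case: an ordinary keepalive from a hypothetical PBX.
BENIGN_SAMPLE = """OPTIONS sip:pbx@192.0.2.20 SIP/2.0
Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-1
From: <sip:trunk@192.0.2.10>;tag=1
User-Agent: ExamplePBX 1.0
CSeq: 7 OPTIONS"""

def parse_sip_request(raw):
    """Return (method, uri, headers) for one logged SIP request."""
    # Logs pasted from web pages can carry zero-width spaces; drop them.
    text = raw.replace("\u200b", "")
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    # re.search tolerates a syslog timestamp/host prefix on the request line.
    m = re.search(r"\b([A-Z]+) (sips?:\S+) SIP/2\.0$", lines[0]) if lines else None
    if not m:
        raise ValueError("no SIP request line found")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return m.group(1), m.group(2), headers

def scanner_indicators(raw):
    """Report which headers carry a scanner marker and the Via source IP."""
    method, _uri, h = parse_sip_request(raw)
    hits = []
    if any(s in h.get("user-agent", "").lower() for s in SCANNER_MARKERS):
        hits.append("user-agent")
    if any(s in h.get("from", "").lower() for s in SCANNER_MARKERS):
        hits.append("from-display-name")
    via = re.search(r"SIP/2\.0/\w+\s+([\d.]+)", h.get("via", ""))
    return {"method": method, "source": via.group(1) if via else None, "indicators": hits}
```

Both headers are set by the sender, so a hit only catches a scanner left at its defaults; it does not replace closing ports 5060-5061 at the firewall/router.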
 