Hello Folk,
A couple of times recently my machine has started up and received a few characters, then nothing. However early this morning (around 4 am) there were multiple attempts and some text which indicates that someone is trying to access something at my end. They were quite persistent and tried 11 times over about 10 minutes. The biggest chunk of text that printed out is:
OPTIONS SIP: NM SIP/2.0
VIA: SIP/2.0/TCP NMBRANCH;FOO
FROM: (.SIP:NMNM.)TAG;ROOT
TO: (.SIP:NM2NM2.)
CALL-ID: 50000
CSEQ: 42 OPTIONS
MAX-FORWARD: 70
CONTENT-LENGTH: 0
CONTACT: (.SIP:NMNM.)
ACCEPT: APPLICATION/SDP
etc. further down there is what appears to be an IP address 223.75.123.71 and attempts to get information and maybe even download a file.
A bit digging reveals that SIP is the Session Initiation Protocol which is commonly used for internet telephony and some multimedia applications. The IP number above is pingable and is owned by China Mobile Communications Group in Wuhan. So it looks like someone in China is trying to access something through the open I-TELEX port.
- Are these access attempts a security issue for other computers on my home LAN or for the I-TELEX hardware at my station?
- Has anyone else experienced the same sort of thing?
- Any other advice or information I should be aware of?
Regards
Dale
I-TELEX: 570418
I-TELEX being hacked?
-
VK1DSH
Topic author - Rank 1
- Beiträge: 7
- Registriert: So 29. Jun 2025, 11:40
- Hauptanschluß:
-
WolfHenk
- Rank 8
- Beiträge: 775
- Registriert: So 3. Apr 2022, 19:20
- Wohnort: Grebenhain
- Hauptanschluß: 38718 wlfhnk d
- Kontaktdaten:
I-TELEX being hacked?
Seems like someone tried to use the Open Port, found some Ping and tried to make free phonecalls....
38718 wlfhnk d I-Telex (7:00 - 22:00 ME(S)Z) nachts Anrufbeantworter T-100
54353 hoeck d Oe-Telex (Oe-AGT + Raspberry Pi + Babelfish) online T-68
414685 ctrav d in Reparatur T1200BS
36355 wlfhnk d Testanschluss z.b.V.
54353 hoeck d Oe-Telex (Oe-AGT + Raspberry Pi + Babelfish) online T-68
414685 ctrav d in Reparatur T1200BS
36355 wlfhnk d Testanschluss z.b.V.
-
DF3OE
- Founder
- Beiträge: 3704
- Registriert: Di 7. Jun 2016, 09:45
- Wohnort: Edemissen - Blumenhagen
- Hauptanschluß: 925302 treu d
- Kontaktdaten:
I-TELEX being hacked?
-First deactivate ASCII mode on the Ethernet card.
-Then delete your primariy number for incoming calls on the card.
-Let me know the internal extension number for your incoming calls.
I will put that number to the subscriber server.
Now, no annoying calls anymore, hopefully.
-Then delete your primariy number for incoming calls on the card.
-Let me know the internal extension number for your incoming calls.
I will put that number to the subscriber server.
Now, no annoying calls anymore, hopefully.
- Folgende Benutzer bedankten sich beim Autor DF3OE für den Beitrag:
- Telegrammophon
mfg
henning +++
925302 treu d - T1000Z (Hauptanschluss)
55571 fvler a - T100S
210911za hmb d - T150 (Werkstatt)
218308 test d - T1000S/LS (Werkstatt)
925333 =treu d (Minitelex Sanyo SF100) defekt
Fax G2/G3: 05176-9754481 (Sanyo SF100 Thermofax) defekt
henning +++
925302 treu d - T1000Z (Hauptanschluss)
55571 fvler a - T100S
210911za hmb d - T150 (Werkstatt)
218308 test d - T1000S/LS (Werkstatt)
925333 =treu d (Minitelex Sanyo SF100) defekt
Fax G2/G3: 05176-9754481 (Sanyo SF100 Thermofax) defekt