Our IDS found suspicious activity from 178.162.197.1, please investigate!

The packets form a network scan for udp/5060 (99 machines scanned).

A detailed 'tcpdump' log containing the first 100 packets can be found below.
All time stamps listed below are GMT+2 (MEDT, central european daylight time).

One possible reason for these packets is that the sending machine was
infected by a virus or trojan, or maybe it was hacked and is now used to
attack other networks.  Both are very common these days (unfortunately).

Abuse-E-Mail (whois.ripe.net): abuse@de.leaseweb.com

regards,

Gert Doering
     SpaceNet Netmaster


--------- raw tcpdump output ----------
07/09 21:10:37 IP 178.162.197.1.52371 > 195.30.4.188.5060: SIP, length: 403
07/09 21:21:02 IP 178.162.197.1.52371 > 194.97.70.253.5060: SIP, length: 406
07/09 22:19:28 IP 178.162.197.1.52371 > 194.97.70.127.5060: SIP, length: 406
07/10 01:36:19 IP 178.162.197.1.52371 > 193.149.51.6.5060: SIP, length: 405
07/10 02:36:42 IP 178.162.197.1.52371 > 194.97.71.194.5060: SIP, length: 407
07/10 04:36:54 IP 178.162.197.1.52371 > 194.97.70.88.5060: SIP, length: 403
07/10 05:40:28 IP 178.162.197.1.52371 > 194.97.71.217.5060: SIP, length: 406
07/10 13:31:56 IP 178.162.197.1.52371 > 194.97.70.164.5060: SIP, length: 407
07/10 14:17:01 IP 178.162.197.1.52371 > 194.97.70.93.5060: SIP, length: 405
07/10 16:22:31 IP 178.162.197.1.52371 > 195.30.4.46.5060: SIP, length: 404
07/10 16:43:13 IP 178.162.197.1.52371 > 193.149.51.90.5060: SIP, length: 405
07/10 19:45:26 IP 178.162.197.1.52371 > 195.30.4.51.5060: SIP, length: 405
07/10 21:19:35 IP 178.162.197.1.52371 > 194.97.70.85.5060: SIP, length: 401
07/11 03:17:02 IP 178.162.197.1.52371 > 195.30.4.168.5060: SIP, length: 405
07/11 04:39:23 IP 178.162.197.1.52371 > 195.30.4.237.5060: SIP, length: 405
07/11 04:58:18 IP 178.162.197.1.52371 > 193.149.51.210.5060: SIP, length: 406
07/11 06:02:25 IP 178.162.197.1.52371 > 194.97.70.144.5060: SIP, length: 406
07/11 07:03:21 IP 178.162.197.1.52371 > 194.97.71.165.5060: SIP, length: 403
07/11 09:58:08 IP 178.162.197.1.52371 > 194.97.70.2.5060: SIP, length: 404
07/11 13:51:52 IP 178.162.197.1.35364 > 194.97.71.97.5060: SIP, length: 404
07/11 14:25:46 IP 178.162.197.1.35364 > 195.30.4.76.5060: SIP, length: 404
07/11 16:17:26 IP 178.162.197.1.35364 > 193.149.51.191.5060: SIP, length: 406
07/11 16:25:47 IP 178.162.197.1.35364 > 193.149.51.189.5060: SIP, length: 407
07/11 17:39:40 IP 178.162.197.1.35364 > 194.97.71.18.5060: SIP, length: 405
07/11 20:23:57 IP 178.162.197.1.35364 > 193.149.51.150.5060: SIP, length: 403
07/11 22:05:42 IP 178.162.197.1.35364 > 194.97.70.218.5060: SIP, length: 406
07/12 03:45:30 IP 178.162.197.1.35364 > 195.30.4.69.5060: SIP, length: 404
07/12 05:55:09 IP 178.162.197.1.35364 > 193.149.51.168.5060: SIP, length: 408
07/12 06:22:48 IP 178.162.197.1.35364 > 195.30.4.29.5060: SIP, length: 404
07/12 10:54:15 IP 178.162.197.1.35364 > 193.149.51.198.5060: SIP, length: 407
07/12 13:12:43 IP 178.162.197.1.35364 > 195.30.4.36.5060: SIP, length: 404
07/12 13:18:17 IP 178.162.197.1.35364 > 195.30.4.157.5060: SIP, length: 404
07/12 15:18:24 IP 178.162.197.1.35364 > 194.97.71.249.5060: SIP, length: 406
07/12 17:06:54 IP 178.162.197.1.35364 > 194.97.70.3.5060: SIP, length: 404
07/12 21:21:59 IP 178.162.197.1.35364 > 193.149.51.255.5060: SIP, length: 407
07/12 22:32:13 IP 178.162.197.1.35364 > 195.30.4.178.5060: SIP, length: 405
07/12 23:59:30 IP 178.162.197.1.35364 > 194.97.71.172.5060: SIP, length: 406
07/13 02:11:24 IP 178.162.197.1.35364 > 195.30.4.227.5060: SIP, length: 405
07/13 02:15:05 IP 178.162.197.1.35364 > 195.30.4.199.5060: SIP, length: 404
07/13 03:24:15 IP 178.162.197.1.35364 > 193.149.51.214.5060: SIP, length: 407
07/13 03:35:48 IP 178.162.197.1.35364 > 194.97.70.118.5060: SIP, length: 406
07/13 05:18:59 IP 178.162.197.1.35364 > 195.30.4.13.5060: SIP, length: 404
07/13 11:56:04 IP 178.162.197.1.35364 > 195.30.4.222.5060: SIP, length: 406
07/13 12:37:10 IP 178.162.197.1.35364 > 195.30.4.254.5060: SIP, length: 404
07/13 18:15:55 IP 178.162.197.1.38653 > 194.97.70.111.5060: SIP, length: 406
07/13 21:03:17 IP 178.162.197.1.38653 > 195.30.4.193.5060: SIP, length: 405
07/13 22:27:16 IP 178.162.197.1.38653 > 194.97.70.123.5060: SIP, length: 405
07/14 01:54:21 IP 178.162.197.1.38653 > 194.97.70.67.5060: SIP, length: 405
07/14 03:12:22 IP 178.162.197.1.38653 > 195.30.4.207.5060: SIP, length: 405
07/14 03:32:46 IP 178.162.197.1.38653 > 194.97.70.201.5060: SIP, length: 403
07/14 03:54:45 IP 178.162.197.1.38653 > 194.97.71.232.5060: SIP, length: 406
07/14 05:21:58 IP 178.162.197.1.38653 > 195.30.4.146.5060: SIP, length: 405
07/14 07:25:00 IP 178.162.197.1.38653 > 194.97.70.202.5060: SIP, length: 406
07/14 09:24:18 IP 178.162.197.1.38653 > 195.30.4.178.5060: SIP, length: 404
07/14 09:45:48 IP 178.162.197.1.38653 > 194.97.70.53.5060: SIP, length: 403
07/14 13:09:37 IP 178.162.197.1.38653 > 195.30.4.183.5060: SIP, length: 405
07/14 13:27:26 IP 178.162.197.1.38653 > 194.97.70.114.5060: SIP, length: 404
07/14 13:48:01 IP 178.162.197.1.38653 > 194.97.71.69.5060: SIP, length: 403
07/14 14:05:53 IP 178.162.197.1.38653 > 194.97.71.241.5060: SIP, length: 406
07/14 14:23:10 IP 178.162.197.1.38653 > 194.97.70.124.5060: SIP, length: 406
07/14 14:37:26 IP 178.162.197.1.38653 > 195.30.4.49.5060: SIP, length: 404
07/14 15:14:10 IP 178.162.197.1.38653 > 194.97.70.9.5060: SIP, length: 405
07/14 16:14:12 IP 178.162.197.1.38653 > 193.149.51.47.5060: SIP, length: 406
07/14 20:49:16 IP 178.162.197.1.38653 > 193.149.51.61.5060: SIP, length: 406
07/14 23:09:59 IP 178.162.197.1.38653 > 195.30.4.155.5060: SIP, length: 405
07/15 00:15:21 IP 178.162.197.1.38653 > 194.97.71.127.5060: SIP, length: 406
07/15 00:55:40 IP 178.162.197.1.38653 > 193.149.51.97.5060: SIP, length: 405
07/15 01:13:17 IP 178.162.197.1.38653 > 194.97.71.11.5060: SIP, length: 403
07/15 01:52:44 IP 178.162.197.1.38653 > 194.97.71.248.5060: SIP, length: 405
07/15 02:33:43 IP 178.162.197.1.38653 > 194.97.70.172.5060: SIP, length: 405
07/15 03:53:32 IP 178.162.197.1.38653 > 194.97.71.246.5060: SIP, length: 406
07/15 04:49:55 IP 178.162.197.1.38653 > 195.30.4.1.5060: SIP, length: 403
07/15 06:15:21 IP 178.162.197.1.38653 > 194.97.70.193.5060: SIP, length: 406
07/15 06:21:55 IP 178.162.197.1.38653 > 193.149.51.64.5060: SIP, length: 406
07/15 07:53:33 IP 178.162.197.1.38653 > 194.97.71.12.5060: SIP, length: 405
07/15 08:59:14 IP 178.162.197.1.38653 > 195.30.4.73.5060: SIP, length: 404
07/15 10:14:51 IP 178.162.197.1.38653 > 194.97.70.40.5060: SIP, length: 405
07/15 12:55:01 IP 178.162.197.1.38653 > 194.97.71.133.5060: SIP, length: 406
07/15 14:45:09 IP 178.162.197.1.38653 > 194.97.71.93.5060: SIP, length: 403
07/15 14:48:26 IP 178.162.197.1.38653 > 193.149.51.118.5060: SIP, length: 404
07/15 15:13:24 IP 178.162.197.1.38653 > 195.30.4.156.5060: SIP, length: 405
07/15 18:24:31 IP 178.162.197.1.38653 > 195.30.4.234.5060: SIP, length: 405
07/15 18:46:15 IP 178.162.197.1.38653 > 193.149.51.33.5060: SIP, length: 404
07/15 19:06:01 IP 178.162.197.1.38653 > 194.97.70.102.5060: SIP, length: 406
07/15 21:44:34 IP 178.162.197.1.50730 > 193.149.51.208.5060: SIP, length: 406
07/16 00:43:28 IP 178.162.197.1.50730 > 195.30.4.180.5060: SIP, length: 405
07/16 02:21:29 IP 178.162.197.1.50730 > 193.149.51.17.5060: SIP, length: 405
07/16 04:21:10 IP 178.162.197.1.50730 > 195.30.4.167.5060: SIP, length: 405
07/16 05:09:28 IP 178.162.197.1.50730 > 194.97.71.190.5060: SIP, length: 406
07/16 05:34:28 IP 178.162.197.1.50730 > 194.97.70.166.5060: SIP, length: 403
07/16 06:26:21 IP 178.162.197.1.50730 > 195.30.4.190.5060: SIP, length: 405
07/16 08:17:40 IP 178.162.197.1.50730 > 195.30.4.16.5060: SIP, length: 405
07/16 10:03:13 IP 178.162.197.1.50730 > 193.149.51.37.5060: SIP, length: 406
07/16 13:17:08 IP 178.162.197.1.50730 > 193.149.51.113.5060: SIP, length: 405
07/16 13:24:09 IP 178.162.197.1.50730 > 195.30.4.65.5060: SIP, length: 404
07/16 13:45:22 IP 178.162.197.1.50730 > 193.149.51.178.5060: SIP, length: 407
07/16 15:10:31 IP 178.162.197.1.50730 > 194.97.71.189.5060: SIP, length: 405
07/16 15:21:08 IP 178.162.197.1.50730 > 193.149.51.228.5060: SIP, length: 406
07/16 15:23:06 IP 178.162.197.1.50730 > 193.149.51.193.5060: SIP, length: 406
07/16 17:45:07 IP 178.162.197.1.50730 > 194.97.70.154.5060: SIP, length: 404

--------- raw tcpdump output ----------

Layer 7 filters will be set up to mark abusive packets.
