our IDS found suspicious activity from 178.162.197.1, please investigate!

The packets form a network scan for udp/5060 (99 machines scanned).

A detailed 'tcpdump' log containing the first 100 packets can be found below.
All time stamps listed below are GMT+2 (MEDT, central european daylight time).

One possible reason for these packets is that the sending machine was
infected by a virus or trojan, or maybe it was hacked and is now used to
attack other networks.  Both are very common these days (unfortunately).

Abuse-E-Mail (whois.ripe.net): abuse@de.leaseweb.com

regards,

Gert Doering
     SpaceNet Netmaster


--------- raw tcpdump output ----------
07/09 21:10:37 IP 178.162.197.1.52371 > 195.30.4.188.5060: SIP, length: 403
07/09 21:21:02 IP 178.162.197.1.52371 > 194.97.70.253.5060: SIP, length: 406
07/09 22:19:28 IP 178.162.197.1.52371 > 194.97.70.127.5060: SIP, length: 406
07/10 01:36:19 IP 178.162.197.1.52371 > 193.149.51.6.5060: SIP, length: 405
07/10 02:36:42 IP 178.162.197.1.52371 > 194.97.71.194.5060: SIP, length: 407
07/10 04:36:54 IP 178.162.197.1.52371 > 194.97.70.88.5060: SIP, length: 403
07/10 05:40:28 IP 178.162.197.1.52371 > 194.97.71.217.5060: SIP, length: 406
07/10 13:31:56 IP 178.162.197.1.52371 > 194.97.70.164.5060: SIP, length: 407
07/10 14:17:01 IP 178.162.197.1.52371 > 194.97.70.93.5060: SIP, length: 405
07/10 16:22:31 IP 178.162.197.1.52371 > 195.30.4.46.5060: SIP, length: 404
07/10 16:43:13 IP 178.162.197.1.52371 > 193.149.51.90.5060: SIP, length: 405
07/10 19:45:26 IP 178.162.197.1.52371 > 195.30.4.51.5060: SIP, length: 405
07/10 21:19:35 IP 178.162.197.1.52371 > 194.97.70.85.5060: SIP, length: 401
07/11 03:17:02 IP 178.162.197.1.52371 > 195.30.4.168.5060: SIP, length: 405
07/11 04:39:23 IP 178.162.197.1.52371 > 195.30.4.237.5060: SIP, length: 405
07/11 04:58:18 IP 178.162.197.1.52371 > 193.149.51.210.5060: SIP, length: 406
07/11 06:02:25 IP 178.162.197.1.52371 > 194.97.70.144.5060: SIP, length: 406
07/11 07:03:21 IP 178.162.197.1.52371 > 194.97.71.165.5060: SIP, length: 403
07/11 09:58:08 IP 178.162.197.1.52371 > 194.97.70.2.5060: SIP, length: 404
07/11 13:51:52 IP 178.162.197.1.35364 > 194.97.71.97.5060: SIP, length: 404
07/11 14:25:46 IP 178.162.197.1.35364 > 195.30.4.76.5060: SIP, length: 404
07/11 16:17:26 IP 178.162.197.1.35364 > 193.149.51.191.5060: SIP, length: 406
07/11 16:25:47 IP 178.162.197.1.35364 > 193.149.51.189.5060: SIP, length: 407
07/11 17:39:40 IP 178.162.197.1.35364 > 194.97.71.18.5060: SIP, length: 405
07/11 20:23:57 IP 178.162.197.1.35364 > 193.149.51.150.5060: SIP, length: 403
07/11 22:05:42 IP 178.162.197.1.35364 > 194.97.70.218.5060: SIP, length: 406
07/12 03:45:30 IP 178.162.197.1.35364 > 195.30.4.69.5060: SIP, length: 404
07/12 05:55:09 IP 178.162.197.1.35364 > 193.149.51.168.5060: SIP, length: 408
07/12 06:22:48 IP 178.162.197.1.35364 > 195.30.4.29.5060: SIP, length: 404
07/12 10:54:15 IP 178.162.197.1.35364 > 193.149.51.198.5060: SIP, length: 407
07/12 13:12:43 IP 178.162.197.1.35364 > 195.30.4.36.5060: SIP, length: 404
07/12 13:18:17 IP 178.162.197.1.35364 > 195.30.4.157.5060: SIP, length: 404
07/12 15:18:24 IP 178.162.197.1.35364 > 194.97.71.249.5060: SIP, length: 406
07/12 17:06:54 IP 178.162.197.1.35364 > 194.97.70.3.5060: SIP, length: 404
07/12 21:21:59 IP 178.162.197.1.35364 > 193.149.51.255.5060: SIP, length: 407
07/12 22:32:13 IP 178.162.197.1.35364 > 195.30.4.178.5060: SIP, length: 405
07/12 23:59:30 IP 178.162.197.1.35364 > 194.97.71.172.5060: SIP, length: 406
07/13 02:11:24 IP 178.162.197.1.35364 > 195.30.4.227.5060: SIP, length: 405
07/13 02:15:05 IP 178.162.197.1.35364 > 195.30.4.199.5060: SIP, length: 404
07/13 03:24:15 IP 178.162.197.1.35364 > 193.149.51.214.5060: SIP, length: 407
07/13 03:35:48 IP 178.162.197.1.35364 > 194.97.70.118.5060: SIP, length: 406
07/13 05:18:59 IP 178.162.197.1.35364 > 195.30.4.13.5060: SIP, length: 404
07/13 11:56:04 IP 178.162.197.1.35364 > 195.30.4.222.5060: SIP, length: 406
07/13 12:37:10 IP 178.162.197.1.35364 > 195.30.4.254.5060: SIP, length: 404
07/13 18:15:55 IP 178.162.197.1.38653 > 194.97.70.111.5060: SIP, length: 406
07/13 21:03:17 IP 178.162.197.1.38653 > 195.30.4.193.5060: SIP, length: 405
07/13 22:27:16 IP 178.162.197.1.38653 > 194.97.70.123.5060: SIP, length: 405
07/14 01:54:21 IP 178.162.197.1.38653 > 194.97.70.67.5060: SIP, length: 405
07/14 03:12:22 IP 178.162.197.1.38653 > 195.30.4.207.5060: SIP, length: 405
07/14 03:32:46 IP 178.162.197.1.38653 > 194.97.70.201.5060: SIP, length: 403
07/14 03:54:45 IP 178.162.197.1.38653 > 194.97.71.232.5060: SIP, length: 406
07/14 05:21:58 IP 178.162.197.1.38653 > 195.30.4.146.5060: SIP, length: 405
07/14 07:25:00 IP 178.162.197.1.38653 > 194.97.70.202.5060: SIP, length: 406
07/14 09:24:18 IP 178.162.197.1.38653 > 195.30.4.178.5060: SIP, length: 404
07/14 09:45:48 IP 178.162.197.1.38653 > 194.97.70.53.5060: SIP, length: 403
07/14 13:09:37 IP 178.162.197.1.38653 > 195.30.4.183.5060: SIP, length: 405
07/14 13:27:26 IP 178.162.197.1.38653 > 194.97.70.114.5060: SIP, length: 404
07/14 13:48:01 IP 178.162.197.1.38653 > 194.97.71.69.5060: SIP, length: 403
07/14 14:05:53 IP 178.162.197.1.38653 > 194.97.71.241.5060: SIP, length: 406
07/14 14:23:10 IP 178.162.197.1.38653 > 194.97.70.124.5060: SIP, length: 406
07/14 14:37:26 IP 178.162.197.1.38653 > 195.30.4.49.5060: SIP, length: 404
07/14 15:14:10 IP 178.162.197.1.38653 > 194.97.70.9.5060: SIP, length: 405
07/14 16:14:12 IP 178.162.197.1.38653 > 193.149.51.47.5060: SIP, length: 406
07/14 20:49:16 IP 178.162.197.1.38653 > 193.149.51.61.5060: SIP, length: 406
07/14 23:09:59 IP 178.162.197.1.38653 > 195.30.4.155.5060: SIP, length: 405
07/15 00:15:21 IP 178.162.197.1.38653 > 194.97.71.127.5060: SIP, length: 406
07/15 00:55:40 IP 178.162.197.1.38653 > 193.149.51.97.5060: SIP, length: 405
07/15 01:13:17 IP 178.162.197.1.38653 > 194.97.71.11.5060: SIP, length: 403
07/15 01:52:44 IP 178.162.197.1.38653 > 194.97.71.248.5060: SIP, length: 405
07/15 02:33:43 IP 178.162.197.1.38653 > 194.97.70.172.5060: SIP, length: 405
07/15 03:53:32 IP 178.162.197.1.38653 > 194.97.71.246.5060: SIP, length: 406
07/15 04:49:55 IP 178.162.197.1.38653 > 195.30.4.1.5060: SIP, length: 403
07/15 06:15:21 IP 178.162.197.1.38653 > 194.97.70.193.5060: SIP, length: 406
07/15 06:21:55 IP 178.162.197.1.38653 > 193.149.51.64.5060: SIP, length: 406
07/15 07:53:33 IP 178.162.197.1.38653 > 194.97.71.12.5060: SIP, length: 405
07/15 08:59:14 IP 178.162.197.1.38653 > 195.30.4.73.5060: SIP, length: 404
07/15 10:14:51 IP 178.162.197.1.38653 > 194.97.70.40.5060: SIP, length: 405
07/15 12:55:01 IP 178.162.197.1.38653 > 194.97.71.133.5060: SIP, length: 406
07/15 14:45:09 IP 178.162.197.1.38653 > 194.97.71.93.5060: SIP, length: 403
07/15 14:48:26 IP 178.162.197.1.38653 > 193.149.51.118.5060: SIP, length: 404
07/15 15:13:24 IP 178.162.197.1.38653 > 195.30.4.156.5060: SIP, length: 405
07/15 18:24:31 IP 178.162.197.1.38653 > 195.30.4.234.5060: SIP, length: 405
07/15 18:46:15 IP 178.162.197.1.38653 > 193.149.51.33.5060: SIP, length: 404
07/15 19:06:01 IP 178.162.197.1.38653 > 194.97.70.102.5060: SIP, length: 406
07/15 21:44:34 IP 178.162.197.1.50730 > 193.149.51.208.5060: SIP, length: 406
07/16 00:43:28 IP 178.162.197.1.50730 > 195.30.4.180.5060: SIP, length: 405
07/16 02:21:29 IP 178.162.197.1.50730 > 193.149.51.17.5060: SIP, length: 405
07/16 04:21:10 IP 178.162.197.1.50730 > 195.30.4.167.5060: SIP, length: 405
07/16 05:09:28 IP 178.162.197.1.50730 > 194.97.71.190.5060: SIP, length: 406
07/16 05:34:28 IP 178.162.197.1.50730 > 194.97.70.166.5060: SIP, length: 403
07/16 06:26:21 IP 178.162.197.1.50730 > 195.30.4.190.5060: SIP, length: 405
07/16 08:17:40 IP 178.162.197.1.50730 > 195.30.4.16.5060: SIP, length: 405
07/16 10:03:13 IP 178.162.197.1.50730 > 193.149.51.37.5060: SIP, length: 406
07/16 13:17:08 IP 178.162.197.1.50730 > 193.149.51.113.5060: SIP, length: 405
07/16 13:24:09 IP 178.162.197.1.50730 > 195.30.4.65.5060: SIP, length: 404
07/16 13:45:22 IP 178.162.197.1.50730 > 193.149.51.178.5060: SIP, length: 407
07/16 15:10:31 IP 178.162.197.1.50730 > 194.97.71.189.5060: SIP, length: 405
07/16 15:21:08 IP 178.162.197.1.50730 > 193.149.51.228.5060: SIP, length: 406
07/16 15:23:06 IP 178.162.197.1.50730 > 193.149.51.193.5060: SIP, length: 406
07/16 17:45:07 IP 178.162.197.1.50730 > 194.97.70.154.5060: SIP, length: 404

--------- raw tcpdump output ----------

Layer 7 filters will be set up to mark abusive packets.
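A way to check the report's scan claim against a log in this format, as an added example that is not part of the original report or of the sender's tooling: it groups packets by source and counts distinct destinations, source ports and target /24 networks for one destination port. The function name, the `min_targets` threshold and the choice of sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the one-line packet summaries used in the log above, e.g.
# "07/09 21:10:37 IP 178.162.197.1.52371 > 195.30.4.188.5060: SIP, length: 403"
LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def summarize_scan(lines, port=5060, min_targets=3):
    """Flag sources that hit many distinct hosts on one port (horizontal scan).
    min_targets is an illustrative threshold, not a value from the report."""
    per_src = defaultdict(lambda: {"n": 0, "dst": set(), "sport": set(), "net": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != port:
            continue  # separators, blank lines, other ports
        s = per_src[m["src"]]
        s["n"] += 1
        s["dst"].add(m["dst"])
        s["sport"].add(int(m["sport"]))
        s["net"].add(m["dst"].rsplit(".", 1)[0] + ".0/24")
    return {
        src: {
            "packets": s["n"],
            "distinct_targets": len(s["dst"]),
            "source_ports": sorted(s["sport"]),
            "target_nets": sorted(s["net"]),
            "is_scan": len(s["dst"]) >= min_targets,
        }
        for src, s in per_src.items()
    }

# Five lines copied from the log above; 195.30.4.178 occurs twice in the log
# and is counted once as a target.
SAMPLE = """\
--------- raw tcpdump output ----------
07/09 21:10:37 IP 178.162.197.1.52371 > 195.30.4.188.5060: SIP, length: 403
07/11 13:51:52 IP 178.162.197.1.35364 > 194.97.71.97.5060: SIP, length: 404
07/12 22:32:13 IP 178.162.197.1.35364 > 195.30.4.178.5060: SIP, length: 405
07/14 09:24:18 IP 178.162.197.1.38653 > 195.30.4.178.5060: SIP, length: 404
07/16 17:45:07 IP 178.162.197.1.50730 > 194.97.70.154.5060: SIP, length: 404
""".splitlines()

if __name__ == "__main__":
    for src, info in summarize_scan(SAMPLE).items():
        print(src, info)
```

Counting distinct destinations rather than packets is what separates a scan from repeated traffic to one SIP peer, and the changing source port with a fixed source address helps tie the packets to one sender across several days.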
