Our IDS found suspicious activity from 178.162.197.1, please investigate!

The packets form a network scan for udp/5060 (99 machines scanned).

A detailed 'tcpdump' log containing the first 100 packets can be found below.
All time stamps listed below are GMT+2 (MEDT, central european daylight time).

One possible reason for these packets is that the sending machine was
infected by a virus or trojan, or maybe it was hacked and is now used to
attack other networks.  Both are very common these days (unfortunately).

Abuse-E-Mail (whois.ripe.net): abuse@de.leaseweb.com

regards,

Gert Doering
     SpaceNet Netmaster


--------- raw tcpdump output ----------
07/09 21:10:37 IP 178.162.197.1.52371 > 195.30.4.188.5060: SIP, length: 403
07/09 21:21:02 IP 178.162.197.1.52371 > 194.97.70.253.5060: SIP, length: 406
07/09 22:19:28 IP 178.162.197.1.52371 > 194.97.70.127.5060: SIP, length: 406
07/10 01:36:19 IP 178.162.197.1.52371 > 193.149.51.6.5060: SIP, length: 405
07/10 02:36:42 IP 178.162.197.1.52371 > 194.97.71.194.5060: SIP, length: 407
07/10 04:36:54 IP 178.162.197.1.52371 > 194.97.70.88.5060: SIP, length: 403
07/10 05:40:28 IP 178.162.197.1.52371 > 194.97.71.217.5060: SIP, length: 406
07/10 13:31:56 IP 178.162.197.1.52371 > 194.97.70.164.5060: SIP, length: 407
07/10 14:17:01 IP 178.162.197.1.52371 > 194.97.70.93.5060: SIP, length: 405
07/10 16:22:31 IP 178.162.197.1.52371 > 195.30.4.46.5060: SIP, length: 404
07/10 16:43:13 IP 178.162.197.1.52371 > 193.149.51.90.5060: SIP, length: 405
07/10 19:45:26 IP 178.162.197.1.52371 > 195.30.4.51.5060: SIP, length: 405
07/10 21:19:35 IP 178.162.197.1.52371 > 194.97.70.85.5060: SIP, length: 401
07/11 03:17:02 IP 178.162.197.1.52371 > 195.30.4.168.5060: SIP, length: 405
07/11 04:39:23 IP 178.162.197.1.52371 > 195.30.4.237.5060: SIP, length: 405
07/11 04:58:18 IP 178.162.197.1.52371 > 193.149.51.210.5060: SIP, length: 406
07/11 06:02:25 IP 178.162.197.1.52371 > 194.97.70.144.5060: SIP, length: 406
07/11 07:03:21 IP 178.162.197.1.52371 > 194.97.71.165.5060: SIP, length: 403
07/11 09:58:08 IP 178.162.197.1.52371 > 194.97.70.2.5060: SIP, length: 404
07/11 13:51:52 IP 178.162.197.1.35364 > 194.97.71.97.5060: SIP, length: 404
07/11 14:25:46 IP 178.162.197.1.35364 > 195.30.4.76.5060: SIP, length: 404
07/11 16:17:26 IP 178.162.197.1.35364 > 193.149.51.191.5060: SIP, length: 406
07/11 16:25:47 IP 178.162.197.1.35364 > 193.149.51.189.5060: SIP, length: 407
07/11 17:39:40 IP 178.162.197.1.35364 > 194.97.71.18.5060: SIP, length: 405
07/11 20:23:57 IP 178.162.197.1.35364 > 193.149.51.150.5060: SIP, length: 403
07/11 22:05:42 IP 178.162.197.1.35364 > 194.97.70.218.5060: SIP, length: 406
07/12 03:45:30 IP 178.162.197.1.35364 > 195.30.4.69.5060: SIP, length: 404
07/12 05:55:09 IP 178.162.197.1.35364 > 193.149.51.168.5060: SIP, length: 408
07/12 06:22:48 IP 178.162.197.1.35364 > 195.30.4.29.5060: SIP, length: 404
07/12 10:54:15 IP 178.162.197.1.35364 > 193.149.51.198.5060: SIP, length: 407
07/12 13:12:43 IP 178.162.197.1.35364 > 195.30.4.36.5060: SIP, length: 404
07/12 13:18:17 IP 178.162.197.1.35364 > 195.30.4.157.5060: SIP, length: 404
07/12 15:18:24 IP 178.162.197.1.35364 > 194.97.71.249.5060: SIP, length: 406
07/12 17:06:54 IP 178.162.197.1.35364 > 194.97.70.3.5060: SIP, length: 404
07/12 21:21:59 IP 178.162.197.1.35364 > 193.149.51.255.5060: SIP, length: 407
07/12 22:32:13 IP 178.162.197.1.35364 > 195.30.4.178.5060: SIP, length: 405
07/12 23:59:30 IP 178.162.197.1.35364 > 194.97.71.172.5060: SIP, length: 406
07/13 02:11:24 IP 178.162.197.1.35364 > 195.30.4.227.5060: SIP, length: 405
07/13 02:15:05 IP 178.162.197.1.35364 > 195.30.4.199.5060: SIP, length: 404
07/13 03:24:15 IP 178.162.197.1.35364 > 193.149.51.214.5060: SIP, length: 407
07/13 03:35:48 IP 178.162.197.1.35364 > 194.97.70.118.5060: SIP, length: 406
07/13 05:18:59 IP 178.162.197.1.35364 > 195.30.4.13.5060: SIP, length: 404
07/13 11:56:04 IP 178.162.197.1.35364 > 195.30.4.222.5060: SIP, length: 406
07/13 12:37:10 IP 178.162.197.1.35364 > 195.30.4.254.5060: SIP, length: 404
07/13 18:15:55 IP 178.162.197.1.38653 > 194.97.70.111.5060: SIP, length: 406
07/13 21:03:17 IP 178.162.197.1.38653 > 195.30.4.193.5060: SIP, length: 405
07/13 22:27:16 IP 178.162.197.1.38653 > 194.97.70.123.5060: SIP, length: 405
07/14 01:54:21 IP 178.162.197.1.38653 > 194.97.70.67.5060: SIP, length: 405
07/14 03:12:22 IP 178.162.197.1.38653 > 195.30.4.207.5060: SIP, length: 405
07/14 03:32:46 IP 178.162.197.1.38653 > 194.97.70.201.5060: SIP, length: 403
07/14 03:54:45 IP 178.162.197.1.38653 > 194.97.71.232.5060: SIP, length: 406
07/14 05:21:58 IP 178.162.197.1.38653 > 195.30.4.146.5060: SIP, length: 405
07/14 07:25:00 IP 178.162.197.1.38653 > 194.97.70.202.5060: SIP, length: 406
07/14 09:24:18 IP 178.162.197.1.38653 > 195.30.4.178.5060: SIP, length: 404
07/14 09:45:48 IP 178.162.197.1.38653 > 194.97.70.53.5060: SIP, length: 403
07/14 13:09:37 IP 178.162.197.1.38653 > 195.30.4.183.5060: SIP, length: 405
07/14 13:27:26 IP 178.162.197.1.38653 > 194.97.70.114.5060: SIP, length: 404
07/14 13:48:01 IP 178.162.197.1.38653 > 194.97.71.69.5060: SIP, length: 403
07/14 14:05:53 IP 178.162.197.1.38653 > 194.97.71.241.5060: SIP, length: 406
07/14 14:23:10 IP 178.162.197.1.38653 > 194.97.70.124.5060: SIP, length: 406
07/14 14:37:26 IP 178.162.197.1.38653 > 195.30.4.49.5060: SIP, length: 404
07/14 15:14:10 IP 178.162.197.1.38653 > 194.97.70.9.5060: SIP, length: 405
07/14 16:14:12 IP 178.162.197.1.38653 > 193.149.51.47.5060: SIP, length: 406
07/14 20:49:16 IP 178.162.197.1.38653 > 193.149.51.61.5060: SIP, length: 406
07/14 23:09:59 IP 178.162.197.1.38653 > 195.30.4.155.5060: SIP, length: 405
07/15 00:15:21 IP 178.162.197.1.38653 > 194.97.71.127.5060: SIP, length: 406
07/15 00:55:40 IP 178.162.197.1.38653 > 193.149.51.97.5060: SIP, length: 405
07/15 01:13:17 IP 178.162.197.1.38653 > 194.97.71.11.5060: SIP, length: 403
07/15 01:52:44 IP 178.162.197.1.38653 > 194.97.71.248.5060: SIP, length: 405
07/15 02:33:43 IP 178.162.197.1.38653 > 194.97.70.172.5060: SIP, length: 405
07/15 03:53:32 IP 178.162.197.1.38653 > 194.97.71.246.5060: SIP, length: 406
07/15 04:49:55 IP 178.162.197.1.38653 > 195.30.4.1.5060: SIP, length: 403
07/15 06:15:21 IP 178.162.197.1.38653 > 194.97.70.193.5060: SIP, length: 406
07/15 06:21:55 IP 178.162.197.1.38653 > 193.149.51.64.5060: SIP, length: 406
07/15 07:53:33 IP 178.162.197.1.38653 > 194.97.71.12.5060: SIP, length: 405
07/15 08:59:14 IP 178.162.197.1.38653 > 195.30.4.73.5060: SIP, length: 404
07/15 10:14:51 IP 178.162.197.1.38653 > 194.97.70.40.5060: SIP, length: 405
07/15 12:55:01 IP 178.162.197.1.38653 > 194.97.71.133.5060: SIP, length: 406
07/15 14:45:09 IP 178.162.197.1.38653 > 194.97.71.93.5060: SIP, length: 403
07/15 14:48:26 IP 178.162.197.1.38653 > 193.149.51.118.5060: SIP, length: 404
07/15 15:13:24 IP 178.162.197.1.38653 > 195.30.4.156.5060: SIP, length: 405
07/15 18:24:31 IP 178.162.197.1.38653 > 195.30.4.234.5060: SIP, length: 405
07/15 18:46:15 IP 178.162.197.1.38653 > 193.149.51.33.5060: SIP, length: 404
07/15 19:06:01 IP 178.162.197.1.38653 > 194.97.70.102.5060: SIP, length: 406
07/15 21:44:34 IP 178.162.197.1.50730 > 193.149.51.208.5060: SIP, length: 406
07/16 00:43:28 IP 178.162.197.1.50730 > 195.30.4.180.5060: SIP, length: 405
07/16 02:21:29 IP 178.162.197.1.50730 > 193.149.51.17.5060: SIP, length: 405
07/16 04:21:10 IP 178.162.197.1.50730 > 195.30.4.167.5060: SIP, length: 405
07/16 05:09:28 IP 178.162.197.1.50730 > 194.97.71.190.5060: SIP, length: 406
07/16 05:34:28 IP 178.162.197.1.50730 > 194.97.70.166.5060: SIP, length: 403
07/16 06:26:21 IP 178.162.197.1.50730 > 195.30.4.190.5060: SIP, length: 405
07/16 08:17:40 IP 178.162.197.1.50730 > 195.30.4.16.5060: SIP, length: 405
07/16 10:03:13 IP 178.162.197.1.50730 > 193.149.51.37.5060: SIP, length: 406
07/16 13:17:08 IP 178.162.197.1.50730 > 193.149.51.113.5060: SIP, length: 405
07/16 13:24:09 IP 178.162.197.1.50730 > 195.30.4.65.5060: SIP, length: 404
07/16 13:45:22 IP 178.162.197.1.50730 > 193.149.51.178.5060: SIP, length: 407
07/16 15:10:31 IP 178.162.197.1.50730 > 194.97.71.189.5060: SIP, length: 405
07/16 15:21:08 IP 178.162.197.1.50730 > 193.149.51.228.5060: SIP, length: 406
07/16 15:23:06 IP 178.162.197.1.50730 > 193.149.51.193.5060: SIP, length: 406
07/16 17:45:07 IP 178.162.197.1.50730 > 194.97.70.154.5060: SIP, length: 404

--------- raw tcpdump output ----------

Layer 7 filters will be set up to mark abusive packets.
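
The report above identifies the scan by one source reaching many different hosts on udp/5060, with the packets spread over several days. As an added example (not part of the original report or of the reporter's IDS), this Python code parses lines in the same layout and counts distinct targets per source over a long window; the function name, thresholds, default year and the sample lines (documentation addresses) are assumptions constructed here.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Layout as in the report's log: "MM/DD HH:MM:SS IP src.sport > dst.dport: ..."
LINE = re.compile(
    r"^(\d\d/\d\d \d\d:\d\d:\d\d) IP "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):"
)

def find_scanners(lines, window_hours=168, min_targets=5, year=2000):
    """Return {(src, dport): targets} for each source that reached at least
    min_targets distinct hosts on one port inside any window_hours span.
    The log carries no year, so `year` is assumed (no year rollover)."""
    window = timedelta(hours=window_hours)
    events = defaultdict(list)                  # (src, dport) -> [(time, dst)]
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                            # separators, unparsable lines
        ts = datetime.strptime(f"{year}/{m.group(1)}", "%Y/%m/%d %H:%M:%S")
        events[(m.group(2), int(m.group(5)))].append((ts, m.group(4)))

    found = {}
    for key, hits in events.items():
        hits.sort()
        best, start = 0, 0
        for end in range(len(hits)):
            # advance the window start until the span fits inside `window`
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in hits[start:end + 1]}))
        if best >= min_targets:
            found[key] = best
    return found

# Constructed sample in the report's format (documentation address ranges).
SAMPLE = """\
--------- raw tcpdump output ----------
07/09 21:10:37 IP 192.0.2.10.52371 > 198.51.100.188.5060: SIP, length: 403
07/09 23:21:02 IP 192.0.2.10.52371 > 198.51.100.253.5060: SIP, length: 406
07/10 04:36:54 IP 192.0.2.10.52371 > 203.0.113.88.5060: SIP, length: 403
07/11 13:51:52 IP 192.0.2.10.35364 > 203.0.113.97.5060: SIP, length: 404
07/12 03:45:30 IP 192.0.2.10.35364 > 198.51.100.69.5060: SIP, length: 404
07/12 09:00:00 IP 192.0.2.77.40000 > 198.51.100.5.5060: SIP, length: 400
07/12 09:00:05 IP 192.0.2.77.40000 > 198.51.100.5.5060: SIP, length: 400
""".splitlines()
```

With `window_hours=1` the same sample yields no match, which is why a scan paced at roughly one packet per hour needs a window of days rather than a per-minute rate threshold.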
