Hello! Interesting problem that one, Sampsa as applied to the Asterisk PBX. Now the important question, who is or was hosting them? I might know of them? A compromised NAS, interesting. It might have been deliberately spun up that way..... And I agree with you regarding the drivers license and the server issues. ----- Gregg C Levine gregg.drwho8 at gmail.com "This signature fought the Time Wars, time and again." On Thu, Nov 28, 2013 at 6:27 PM, Sampsa Laine <sampsa at mac.com> wrote: Took out another 5 or so attackers today, actually reported one Asterisk PBX (weird, right) to their hosting company in the US, figured they are compromised. All of the hosts I've scanned are basically compromised systems, some poor guys server or the latest one, a NAS unit with all its management ports accessible through the Internet. I think we'll need some kind of driving license system for running servers at some point, this botnet stuff is just ridiculous :) sampsa <sampsa at mac.com> mobile +44 7961 149465