I just wanted to give you a quick reminder that SIP scanning remains quite popular on the Internet. These probes can lead to compromise and fraud against your VoIP systems. Make sure you do not have VoIP systems exposed to the Internet without proper controls. If you review your logs on the Internet perimeter, SIP scans will look similar to this:
This was captured from the HITME using HoneyPoint Personal Edition.
2013-09-30 17:02:18 – HoneyPoint received a probe from 220.127.116.11 on port 23
Input: OPTIONS sip:nm SIP/2.0
Via: SIP/2.0/TCP nm;branch=foo
CSeq: 42 OPTIONS
Keep an inventory of your VoIP exposures. They remain a high area of interest for attackers.