<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>I'm observing that fraudsters are attempting SQL injections
      within various SIP headers, e.g.</p>
    <pre>Contact: <a class="moz-txt-link-rfc2396E" href="sip:a'or'3=3--@x.x.x.x:5060;transport=UDP"><sip:a'or'3=3--@x.x.x.x:5060;transport=UDP></a>
From: <a class="moz-txt-link-rfc2396E" href="sip:a'or'3=3--@x.x.x.x;transport=UDP"><sip:a'or'3=3--@x.x.x.x;transport=UDP></a>;tag=t1cqzx35
</pre>
    <p>Just a head's up to those using SQL queries in their dial plans
      to be careful to always *escape* the wrath!<br>
    </p>
  </body>
</html>