[VOIPSEC] Strange attacks over the weekend
sil at infiltrated.net
Mon Nov 1 15:01:19 GMT 2010
Sorry for the cross posting to two lists, but I thought everyone on both
lists might benefit from the message(*cough*rambling*)
So yesterday, I had a honeypot host "open to the world." Not one "block
this country" rule on the machine. Normally throughout the past months
I've seen maybe 1 or 2 attacks in parallel, but yesterday was different.
I butchered up a perl script to block on the fly as opposed to blocking
out entire countries and was surprised to see I managed to accumulate
1600+ hosts. Not *that* big of a deal until I started going through some
of the logs...
I'm a bit puzzled because I see hundreds of attacks in parallel
(literally 100-200 connections from different netblocks at the same
time) so I'm thinking... "VoIP Based Botnet?"
Anyhow, still parsing through the wonderful bucketload of logs this
morning. Anyone else see massive activity begininng 10/31?
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT
"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett
227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
More information about the Voipsec