[VoiceOps] Strange attacks over the weekend

J. Oquendo sil at infiltrated.net
Mon Nov 1 11:01:19 EDT 2010


Sorry for the cross posting to two lists, but I thought everyone on both
lists might benefit from the message (*cough*rambling*).

So yesterday, I had a honeypot host "open to the world." Not one "block
this country" rule on the machine. Normally throughout the past months
I've seen maybe 1 or 2 attacks in parallel, but yesterday was different.
I butchered up a Perl script to block on the fly as opposed to blocking
out entire countries and was surprised to see I managed to accumulate
1600+ hosts. Not *that* big of a deal until I started going through some
of the logs...

I'm a bit puzzled because I see hundreds of attacks in parallel
(literally 100-200 connections from different netblocks at the same
time) so I'm thinking... "VoIP Based Botnet?"

Anyhow, still parsing through the wonderful bucketload of logs this
morning. Anyone else see massive activity beginning 10/31?

-- 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT

"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E


