[VoiceOps] Twitter Blacklist feed
J. Oquendo
sil at infiltrated.net
Wed Jan 9 14:08:53 EST 2013
So I rebuilt/redesigned/re-deployed a script to add bad
hosts to a blacklist. Script is monitoring my SBCs, hosted
PBXs, etc., aggregated, sorted, then reported. Tried to
remove duplicate addresses. Also, because I deal with
forensics and malware, I did a similar script for bad sites
that are serving out malware.
For VoIP attacks, one can make a script to check for VoIP
based attackers and block them on the fly. E.g,:
links -dump twitter.com/efensive|awk '/VoIP/'
To make say an automated ipfilter rule:
links -dump twitter.com/efensive |\
awk '{print "iptables -A INPUT -s "$1" -j DROP"}' |sort -u|\
sh
Same goes for any other style rule (ASA, PIX, ScreenOS on
the command line) You get the point. Enjoy. (Cross posted to
Voice Ops)
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
More information about the VoiceOps
mailing list