[VoiceOps] Twitter Blacklist feed

Wed Jan 9 15:23:09 EST 2013

Hi

This is nice.

We publish similar data for honeypot attacks which might be useful to
someone:
http://mirror.simwood.com/honeypot/

There's a major caveat with any data like this though when automating and
that is the potential to spoof addresses or use well known addresses on
their behalf. There's one simple attack for example that attempts to
dictionary attack admin pages uses Google crawlers.

cheers
Simon

On 9 January 2013 19:08, J. Oquendo <sil at infiltrated.net> wrote:

>
> So I rebuilt/redesigned/re-deployed a script to add bad
> hosts to a blacklist. Script is monitoring my SBCs, hosted
> PBXs, etc., aggregated, sorted, then reported. Tried to
> remove duplicate addresses. Also, because I deal with
> forensics and malware, I did a similar script for bad sites
> that are serving out malware.
>
> For VoIP attacks, one can make a script to check for VoIP
> based attackers and block them on the fly. E.g,:
>
> links -dump twitter.com/efensive|awk '/VoIP/'
>
> To make say an automated ipfilter rule:
>
> links -dump twitter.com/efensive |\
> awk '{print "iptables -A INPUT -s "$1" -j DROP"}' |sort -u|\
> sh
>
> Same goes for any other style rule (ASA, PIX, ScreenOS on
> the command line) You get the point. Enjoy. (Cross posted to
> Voice Ops)
>
> --
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
>
> "Where ignorance is our master, there is no possibility of
> real peace" - Dalai Lama
>
> 42B0 5A53 6505 6638 44BB  3943 2BF7 D83F 210A 95AF
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
>

-- 
--

"Here’s to the crazy ones. The misfits. The rebels. The troublemakers. The
round pegs in the square holes. The ones who see things differently.
They’re not fond of rules. And they have no respect for the status quo.You
can quote them, disagree with them, glorify or vilify them. About the only
thing you can’t do is ignore them. Because they change things. They push
the human race forward. And while some may see them as the crazy ones, we
see genius. Because the people who are crazy enough to think they can
change the world, are the ones who do."

Steve Jobs, Think
Different<http://www.youtube.com/watch?feature=player_embedded&v=8rwsuXHA7RA>

***

Simon Woodhead FCSI
Managing Director
<http://www.simwood.com>
Simwood eSMS Limited
Wholesale Telecommunications

w: http://www.simwood.com
t: @simwoodesms <https://twitter.com/#!/simwoodesms>

direct line: +44 (0) 29 2120 2121
direct fax: +44 (0) 29 2120 2021

reception: +44 (0) 29 2120 2120
main fax: +44 (0) 29 2120 2020

--
***** Email confidentiality notice *****

This message is private and confidential. If you have received this message in error, please notify us and remove it from your system.

Simwood eSMS Limited is a limited company registered in England and Wales. Registered number: 03379831. Registered office: c/o HW Chartered Accountants, Keepers Lane, The Wergs, Wolverhampton, WV6 8UA. Trading address: Falcon Drive, Cardiff Bay, Cardiff, CF10 4RU.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20130109/f2ccd47c/attachment.html>