[VoiceOps] Twitter Blacklist feed
Ryan Delgrosso
ryandelgrosso at gmail.com
Wed Jan 9 15:32:43 EST 2013
This is interesting, using twitter as a blacklist distribution mechanism.
While I would be weary of using this for any kind of automated blocking
purposes due to the possibility of spoofed addresses, it is an
interesting approach for sure.
I wonder if its worthwhile putting together a similar twitter watchlist
for fraudulent international numbers (IRSF destinations). I know i can
produce a pretty significant list of IRSF destinations that others may
find useful and i am sure the reverse is also true.
On 01/09/2013 11:08 AM, J. Oquendo wrote:
> So I rebuilt/redesigned/re-deployed a script to add bad
> hosts to a blacklist. Script is monitoring my SBCs, hosted
> PBXs, etc., aggregated, sorted, then reported. Tried to
> remove duplicate addresses. Also, because I deal with
> forensics and malware, I did a similar script for bad sites
> that are serving out malware.
>
> For VoIP attacks, one can make a script to check for VoIP
> based attackers and block them on the fly. E.g,:
>
> links -dump twitter.com/efensive|awk '/VoIP/'
>
> To make say an automated ipfilter rule:
>
> links -dump twitter.com/efensive |\
> awk '{print "iptables -A INPUT -s "$1" -j DROP"}' |sort -u|\
> sh
>
> Same goes for any other style rule (ASA, PIX, ScreenOS on
> the command line) You get the point. Enjoy. (Cross posted to
> Voice Ops)
>
More information about the VoiceOps
mailing list