Hi<div><br></div><div>This is nice.</div><div><br></div><div>We publish similar data for honeypot attacks which might be useful to someone:</div><div><a href="http://mirror.simwood.com/honeypot/">http://mirror.simwood.com/honeypot/</a></div>
<div><br></div><div>There's a major caveat with any data like this though when automating and that is the potential to spoof addresses or use well known addresses on their behalf. There's one simple attack for example that attempts to dictionary attack admin pages uses Google crawlers.</div>
<div><br></div><div>cheers</div><div>Simon</div><div><br></div><div><br><div class="gmail_quote">On 9 January 2013 19:08, J. Oquendo <span dir="ltr"><<a href="mailto:sil@infiltrated.net" target="_blank">sil@infiltrated.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
So I rebuilt/redesigned/re-deployed a script to add bad<br>
hosts to a blacklist. Script is monitoring my SBCs, hosted<br>
PBXs, etc., aggregated, sorted, then reported. Tried to<br>
remove duplicate addresses. Also, because I deal with<br>
forensics and malware, I did a similar script for bad sites<br>
that are serving out malware.<br>
<br>
For VoIP attacks, one can make a script to check for VoIP<br>
based attackers and block them on the fly. E.g,:<br>
<br>
links -dump <a href="http://twitter.com/efensive|awk" target="_blank">twitter.com/efensive|awk</a> '/VoIP/'<br>
<br>
To make say an automated ipfilter rule:<br>
<br>
links -dump <a href="http://twitter.com/efensive" target="_blank">twitter.com/efensive</a> |\<br>
awk '{print "iptables -A INPUT -s "$1" -j DROP"}' |sort -u|\<br>
sh<br>
<br>
Same goes for any other style rule (ASA, PIX, ScreenOS on<br>
the command line) You get the point. Enjoy. (Cross posted to<br>
Voice Ops)<br>
<br>
--<br>
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+<br>
J. Oquendo<br>
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM<br>
<br>
"Where ignorance is our master, there is no possibility of<br>
real peace" - Dalai Lama<br>
<br>
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF<br>
<a href="http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF" target="_blank">http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF</a><br>
_______________________________________________<br>
VoiceOps mailing list<br>
<a href="mailto:VoiceOps@voiceops.org">VoiceOps@voiceops.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/voiceops" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>--<div><br><font color="#2c2c2c" face="Arial, Helvetica, sans-serif"><span style="font-size:12px;line-height:14px"><div>"Here’s to the crazy ones. The misfits. The rebels. The troublemakers. The round pegs in the square holes. The ones who see things differently. They’re not fond of rules. And they have no respect for the status quo.You can quote them, disagree with them, glorify or vilify them. About the only thing you can’t do is ignore them. Because they change things. They push the human race forward. And while some may see them as the crazy ones, we see genius. Because the people who are crazy enough to think they can change the world, are the ones who do." </div>
<div><br></div><div>Steve Jobs, <a href="http://www.youtube.com/watch?feature=player_embedded&v=8rwsuXHA7RA" target="_blank">Think Different</a></div></span></font></div><div><br></div><div>***</div><div><br></div><div>
Simon Woodhead FCSI</div><div>Managing Director<br><a href="http://www.simwood.com" target="_blank"><img src="http://www.simwood.com/images/simwood_143x59.gif"></a></div><div>Simwood eSMS Limited</div><div>Wholesale Telecommunications<br>
<br></div><div>w: <a href="http://www.simwood.com" target="_blank">http://www.simwood.com</a></div><div>t: <a href="https://twitter.com/#!/simwoodesms" target="_blank">@simwoodesms</a></div><div><br>direct line: +44 (0) 29 2120 2121<br>
direct fax: +44 (0) 29 2120 2021<br><br>reception: +44 (0) 29 2120 2120<br>main fax: +44 (0) 29 2120 2020<br></div>
</div>
<pre>--
***** Email confidentiality notice *****
This message is private and confidential. If you have received this message in error, please notify us and remove it from your system.
Simwood eSMS Limited is a limited company registered in England and Wales. Registered number: 03379831. Registered office: c/o HW Chartered Accountants, Keepers Lane, The Wergs, Wolverhampton, WV6 8UA. Trading address: Falcon Drive, Cardiff Bay, Cardiff, CF10 4RU.