J. Oquendo
2011-Sep-22 14:37 UTC
[asterisk-users] VoIP Abuse to Twitter (real time VoIP Abuse)
Apologies for cross posting but some of us aren't on the other list
(vice/versa) and thought both groups would benefit.
For those familiar with the VoIP Abuse Project, no need to explain the
gist of this. I got tired of parsing through the alerts (lists) I
receive via email daily. They're long and sometimes I don't have the
time to post them all. So for now, posting VoIP Abuse addresses straight
to Twitter.
So, anyone trying to compromise a pbx, is now autoposted on an hourly
basis to Twitter. Still working on pulling, have about 4 machines linked
up now, will mop em up during the week.
http://twitter.com/#!/voipabuse
Now, you can concoct a quick script off of it, e.g.:
links -dump "http://twitter.com/voipabuse"|awk '/attacker/{print
"iptables -A INPUT -s "$2" -j DROP"| "sort
-u"}'
Will get a quickie soon from my Acme's, nCites, etc. when I have time.
For those NOT familiar with it, please Google it as I don't feel like
typing anymore ;) (sorry)
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
vip killa
2011-Sep-22 15:05 UTC
[asterisk-users] VoIP Abuse to Twitter (real time VoIP Abuse)
very cool! On Thu, Sep 22, 2011 at 10:37 AM, J. Oquendo <asterisk at tormenting.net>wrote:> > Apologies for cross posting but some of us aren't on the other list > (vice/versa) and thought both groups would benefit. > > For those familiar with the VoIP Abuse Project, no need to explain the > gist of this. I got tired of parsing through the alerts (lists) I > receive via email daily. They're long and sometimes I don't have the > time to post them all. So for now, posting VoIP Abuse addresses straight > to Twitter. > > So, anyone trying to compromise a pbx, is now autoposted on an hourly > basis to Twitter. Still working on pulling, have about 4 machines linked > up now, will mop em up during the week. > > http://twitter.com/#!/voipabuse > > Now, you can concoct a quick script off of it, e.g.: > > links -dump "http://twitter.com/voipabuse"|awk '/attacker/{print > "iptables -A INPUT -s "$2" -j DROP"| "sort -u"}' > > Will get a quickie soon from my Acme's, nCites, etc. when I have time. > > For those NOT familiar with it, please Google it as I don't feel like > typing anymore ;) (sorry) > > > > -- > > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ > J. Oquendo > SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM > > "It takes 20 years to build a reputation and five minutes to > ruin it. If you think about that, you'll do things > differently." - Warren Buffett > > 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110922/61b69dc3/attachment.htm>
Andrew Thomas
2011-Sep-29 09:20 UTC
[asterisk-users] VoIP Abuse to Twitter (real time VoIP Abuse)
This is a brilliant idea. How do I contribute my attackers to this
list?
Cheers
Andy
________________________________
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Robert
Huddleston
Sent: 22 September 2011 16:11
To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
Subject: Re: [asterisk-users] VoIP Abuse to Twitter (real time VoIP
Abuse)
Sounds like a great idea.. Hopefully the page/account never gets hacked
and bad IP's published.. I could see a great hack of
127.0.0.1
192.168.0.0/16
10.0.0.0/8
getting up there somehow and next thing you know - BAM!
But I haven't RTFM - I'm guessing there is probably a white list that
supersedes the naughty list.
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of vip killa
Sent: Thursday, September 22, 2011 11:06 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] VoIP Abuse to Twitter (real time VoIP
Abuse)
very cool!
On Thu, Sep 22, 2011 at 10:37 AM, J. Oquendo <asterisk at tormenting.net>
wrote:
Apologies for cross posting but some of us aren't on the other list
(vice/versa) and thought both groups would benefit.
For those familiar with the VoIP Abuse Project, no need to explain the
gist of this. I got tired of parsing through the alerts (lists) I
receive via email daily. They're long and sometimes I don't have the
time to post them all. So for now, posting VoIP Abuse addresses straight
to Twitter.
So, anyone trying to compromise a pbx, is now autoposted on an hourly
basis to Twitter. Still working on pulling, have about 4 machines linked
up now, will mop em up during the week.
http://twitter.com/#!/voipabuse
Now, you can concoct a quick script off of it, e.g.:
links -dump "http://twitter.com/voipabuse"|awk '/attacker/{print
"iptables -A INPUT -s "$2" -j DROP"| "sort
-u"}'
Will get a quickie soon from my Acme's, nCites, etc. when I have time.
For those NOT familiar with it, please Google it as I don't feel like
typing anymore ;) (sorry)
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
If you have received this communication in error we would appreciate
you advising us either by telephone or return of e-mail. The contents
of this message, and any attachments, are the property of DataVox,
and are intended for the confidential use of the named recipient only.
If you are not the intended recipient, employee or agent responsible
for delivery of this message to the intended recipient, take note that
any dissemination, distribution or copying of this communication and
its attachments is strictly prohibited, and may be subject to civil or
criminal action for which you may be liable.
Every effort has been made to ensure that this e-mail or any attachments
are free from viruses. While the company has taken every reasonable
precaution to minimise this risk, neither company, nor the sender can
accept liability for any damage which you sustain as a result of viruses.
It is recommended that you should carry out your own virus checks
before opening any attachments.
Registered in England. No. 27459085.