similar to: Asterisk HoneyPot

The results of a security experiment were published this week, in which an Asterisk PBX was set out in the wild to see who would attack it and how: http://www.telium.ca/?honeypot1 What I find particularly interesting is that people/bots are scraping support websites looking for valid IP's of PBX's, and valid credentials! A good reminder to everyone on this list to not publish the IP

I concur with Nico ? logging plaintext passwords is an extremely bad idea. The tone of the poster also leaves much to be desired ? but I?ll hold my tongue for now. -- Regards, Uri Blumenthal On 12/18/16, 11:48, "openssh-unix-dev on behalf of Nico Kadel-Garcia" <openssh-unix-dev-bounces+uri=ll.mit.edu at mindrot.org on behalf of nkadel at gmail.com> wrote: On Sun, Dec 18,

Also, if password-based auth is not allowed, WTF would you want to log passwords? This whole idea is ugly, and smacks of a teenage-level prank attempt. I would strongly object against any such modification of the main source (though I'm sure the maintainers are sane enough to never let such a crap in). Of course the original poster is free to hack his own copy in whatever way he wants.?

Hi, Given the recent increase in SIP brute force attacks, I've had a little idea. The standard scripts that block after X attempts work well to prevent you actually being compromised, but once you've been 'found' then the attempts seem to keep coming for quite some time. Older versions of sipvicious don't appear to stop once you start sending un-reachables (or straight

Everyone: We're starting to see a rash of password guessing attacks via SSH on all of our exposed BSD servers which are running an SSH daemon. They're coming from multiple addresses, which makes us suspect that they're being carried out by a network of "bots" rather than a single attacker. But wait... there's more. The interesting thing about these attacks is that

>> Back to the original question, for those of you using Fail2Ban, >> Does it take an unusually high amount of break-in attempts before > attackers are banned? >> I have it set to 5 attempts in fail2ban but usually, the attacker is able > to make over 100 attempts before fail2ban bans them. >> I've tried this using asterisk's /var/log/asterisk/messages and

On Fri, 12 Apr 2019, mj wrote: > What we do is: use https://github.com/trick77/ipset-blacklist to block IPs > (from various existing blacklists) at the iptables level using an ipset. "www.blocklist.de" is a nifty source. Could you suggest other publically available blacklists? > That way, the known bad IPs never even talk to dovecot, but are dropped > immediately. We

>>> Perhaps if there was a Asterisk RBL we could all contribute to; for >>> which we could then hook into and drop any connection where a >>> source IP is listed ? -- Thanks, Phil >>> >> >> I love the idea of a RBL... count me in for contributing. >> >> Especially considering the ridiculous response I received from >> Amazon.

I've been checking and doublechecking my settings, but I have not mail from the list all weekend. I've just checked the archives, and see that there are some messages that I just never received. Did this message make it ? Am I a list-orphan ? If a kind person reads this, please could you send a response directly to the return address - asterisk at dotr dot com (check the archives, I

//// Supercharge your computer with Desktop Server 98 //// * * * Removal instructions below: * * * Get $249 Worth of FREE Bulk Email Software Today! Pardon me for the intrusion. Did you know that Desktop Server 98 is the exact same bulk email software all the big advertising companies use? Including Myself! It's the simplest bulk email software in the world. If your looking for a

/// HOW TO ADVERTISE ON THE INTERNET FREE /// "Are your advertising expenses to high?" "Are you looking for new ways to sell your product or service?" "Do you have any idea the amount of money you could make through the form of bulk email?" (..)---------This Is How We Can Help You----------(..) Here's an outstanding bulk email software offer that may

On 17/11/2014 07:23, Ron Leach wrote: > On 16/11/2014 07:24, Robert Schetterer wrote (re-ordered): >> Am 16.11.2014 um 02:24 schrieb Reindl Harald: >> >>> * if you find a security issue in postfix running >>> on 587 over TLS cry out loud > > I'm thinking beyond that; I want to get to the position that when > there is an issue in the MTA, our

Hi, RUXCON is quickly approaching yet again. This e-mail is to bring you up to date on the latest developments on this years conference. Our speakers list is complete [1] and our timetable has been finalised [2]. Below is a list of presentations for RUXCON 2005 (in order of acceptance): 1. Breaking Mac OSX - Ilja Van Sprundel & Neil Archibald 2. Binary protection schemes - Andrew

Update to the mozilla vulnerabilities wich were not Publicly reported (To MY standard, for BSD/Cros platform users) , so i performed my own research,PoC's etc, and have submitted all my results. I wont say i had ANYTHING atall todo with the Update, BUT please Update a.s.a.p to mozilla v1.0.4 , that should stop atleast ONE exploit, the other may be a simple matter oif not allowing your

Roger Marquis wrote: > [snip] > >It takes all of 2 seconds to generate a ssh 2 new session on a >500Mhz cpu (causing less than 20% utilization). Considering that >99% of even the most heavily loaded servers have more than enough >cpu for this task I don't really see it as an issue. > >Also, by generating a different key for each session you get better >entropy,

Hope to get some attention about this idea to reduce hacking passwords. Here is a list of about 700,000 IP addresses that are hacking passwords through SMTP AUTH http://ipadmin.junkemailfilter.com/auth-hack.txt This is a list of IP addresses that attempted to authenticate against my fake AUTH advertizing on servers with no authentication. We do front end spam filtering for thousands of

after having my own dnsbl feeded by a honeypot and even mod_security supports it for webservers i think dovecot sould support the same to prevent dictionary attacks from known bad hosts, in our case that blacklist is 100% trustable and blocks before SMTP-Auth while normal RBL's are after SASL i admit that i am not a C/C++-programmer, but i think doing the DNS request and in case it has a

Hello Is it possible to make ADMIN$ share (Samba 3.0.14a) world writeable and pointing to specific directory ? I am interested in building some sort of honey pot that would allow virus to transfer files to ADMIN$ under putting mode logging around. Any other solutions with samba ? Martynas

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:52 Security Advisory FreeBSD, Inc. Topic: TCP uses weak initial sequence numbers Category: core Module: kernel Announced: 2000-10-06

I would like to have a list of IPs (hacker list) that I can do a lookup on so that if anyone tries to authenticate to dovecot they always fail if they are on my list. I have the list - and the list is available as a DNS blacklist. I'd like to have it work with both local IP lists or RBL lookup. The idea is so hackers from known IP addresses never succeed. If Dovecot provides the feature