similar to: Asterisk HoneyPot

Displaying 20 results from an estimated 5000 matches similar to: "Asterisk HoneyPot"

2015 Jun 03
1
Results of security honeypot experiment - scraping for IP's/credentials ?
The results of a security experiment were published this week, in which an Asterisk PBX was set out in the wild to see who would attack it and how: http://www.telium.ca/?honeypot1 What I find particularly interesting is that people/bots are scraping support websites looking for valid IP's of PBX's, and valid credentials! A good reminder to everyone on this list to not publish the IP
2016 Dec 18
2
Extend logging of openssh-server - e.g. plaintext password
I concur with Nico ? logging plaintext passwords is an extremely bad idea. The tone of the poster also leaves much to be desired ? but I?ll hold my tongue for now. -- Regards, Uri Blumenthal On 12/18/16, 11:48, "openssh-unix-dev on behalf of Nico Kadel-Garcia" <openssh-unix-dev-bounces+uri=ll.mit.edu at mindrot.org on behalf of nkadel at gmail.com> wrote: On Sun, Dec 18,
2016 Dec 18
2
Extend logging of openssh-server - e.g. plaintext password
Also, if password-based auth is not allowed, WTF would you want to log passwords? This whole idea is ugly, and smacks of a teenage-level prank attempt. I would strongly object against any such modification of the main source (though I'm sure the maintainers are sane enough to never let such a crap in). Of course the original poster is free to hack his own copy in whatever way he wants.?
2010 Oct 21
5
SIP Blacklisting
Hi, Given the recent increase in SIP brute force attacks, I've had a little idea. The standard scripts that block after X attempts work well to prevent you actually being compromised, but once you've been 'found' then the attempts seem to keep coming for quite some time. Older versions of sipvicious don't appear to stop once you start sending un-reachables (or straight
2005 Oct 02
11
Repeated attacks via SSH
Everyone: We're starting to see a rash of password guessing attacks via SSH on all of our exposed BSD servers which are running an SSH daemon. They're coming from multiple addresses, which makes us suspect that they're being carried out by a network of "bots" rather than a single attacker. But wait... there's more. The interesting thing about these attacks is that
2011 Mar 31
0
asterisk-users Digest, Vol 80, Issue 73
>> Back to the original question, for those of you using Fail2Ban, >> Does it take an unusually high amount of break-in attempts before > attackers are banned? >> I have it set to 5 attempts in fail2ban but usually, the attacker is able > to make over 100 attempts before fail2ban bans them. >> I've tried this using asterisk's /var/log/asterisk/messages and
2019 Apr 12
1
Mail account brute force / harassment
On Fri, 12 Apr 2019, mj wrote: > What we do is: use https://github.com/trick77/ipset-blacklist to block IPs > (from various existing blacklists) at the iptables level using an ipset. "www.blocklist.de" is a nifty source. Could you suggest other publically available blacklists? > That way, the known bad IPs never even talk to dovecot, but are dropped > immediately. We
2010 Apr 12
2
Being attacked by an Amazon EC2
>>> Perhaps if there was a Asterisk RBL we could all contribute to; for >>> which we could then hook into and drop any connection where a >>> source IP is listed ? -- Thanks, Phil >>> >> >> I love the idea of a RBL... count me in for contributing. >> >> Especially considering the ridiculous response I received from >> Amazon.
2004 Dec 06
0
Is the list down, or is it just me
I've been checking and doublechecking my settings, but I have not mail from the list all weekend. I've just checked the archives, and see that there are some messages that I just never received. Did this message make it ? Am I a list-orphan ? If a kind person reads this, please could you send a response directly to the return address - asterisk at dotr dot com (check the archives, I
1998 Oct 28
0
"Test Drive" our easy to use FREE Bulk E-Mail
//// Supercharge your computer with Desktop Server 98 //// * * * Removal instructions below: * * * Get $249 Worth of FREE Bulk Email Software Today! Pardon me for the intrusion. Did you know that Desktop Server 98 is the exact same bulk email software all the big advertising companies use? Including Myself! It's the simplest bulk email software in the world. If your looking for a
1999 Jun 16
0
HOW to GET 1,000 New Customers OVERNIGHT!
/// HOW TO ADVERTISE ON THE INTERNET FREE /// "Are your advertising expenses to high?" "Are you looking for new ways to sell your product or service?" "Do you have any idea the amount of money you could make through the form of bulk email?" (..)---------This Is How We Can Help You----------(..) Here's an outstanding bulk email software offer that may
2014 Nov 26
3
2.2.15: SMTP submission server?
On 17/11/2014 07:23, Ron Leach wrote: > On 16/11/2014 07:24, Robert Schetterer wrote (re-ordered): >> Am 16.11.2014 um 02:24 schrieb Reindl Harald: >> >>> * if you find a security issue in postfix running >>> on 587 over TLS cry out loud > > I'm thinking beyond that; I want to get to the position that when > there is an issue in the MTA, our
2005 Sep 19
0
RUXCON 2005 Update
Hi, RUXCON is quickly approaching yet again. This e-mail is to bring you up to date on the latest developments on this years conference. Our speakers list is complete [1] and our timetable has been finalised [2]. Below is a list of presentations for RUXCON 2005 (in order of acceptance): 1. Breaking Mac OSX - Ilja Van Sprundel & Neil Archibald 2. Binary protection schemes - Andrew
2005 May 12
2
Mozilla 1.0.4 security update (Just install it, will keep all settings) + Important note from me,please read,those uninterested,please dont flame ;)
Update to the mozilla vulnerabilities wich were not Publicly reported (To MY standard, for BSD/Cros platform users) , so i performed my own research,PoC's etc, and have submitted all my results. I wont say i had ANYTHING atall todo with the Update, BUT please Update a.s.a.p to mozilla v1.0.4 , that should stop atleast ONE exploit, the other may be a simple matter oif not allowing your
2003 Sep 18
2
[Fwd: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh]
Roger Marquis wrote: > [snip] > >It takes all of 2 seconds to generate a ssh 2 new session on a >500Mhz cpu (causing less than 20% utilization). Considering that >99% of even the most heavily loaded servers have more than enough >cpu for this task I don't really see it as an issue. > >Also, by generating a different key for each session you get better >entropy,
2014 Feb 04
3
Applying a DNS RBL to deny authentication?
Hope to get some attention about this idea to reduce hacking passwords. Here is a list of about 700,000 IP addresses that are hacking passwords through SMTP AUTH http://ipadmin.junkemailfilter.com/auth-hack.txt This is a list of IP addresses that attempted to authenticate against my fake AUTH advertizing on servers with no authentication. We do front end spam filtering for thousands of
2014 Jun 17
3
RFE: dnsbl-support for dovecot
after having my own dnsbl feeded by a honeypot and even mod_security supports it for webservers i think dovecot sould support the same to prevent dictionary attacks from known bad hosts, in our case that blacklist is 100% trustable and blocks before SMTP-Auth while normal RBL's are after SASL i admit that i am not a C/C++-programmer, but i think doing the DNS request and in case it has a
2005 Jul 11
1
Samba ADMIN$ share
Hello Is it possible to make ADMIN$ share (Samba 3.0.14a) world writeable and pointing to specific directory ? I am interested in building some sort of honey pot that would allow virus to transfer files to ADMIN$ under putting mode logging around. Any other solutions with samba ? Martynas
2000 Oct 06
0
FreeBSD Security Advisory: FreeBSD-SA-00:52.tcp-iss
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:52 Security Advisory FreeBSD, Inc. Topic: TCP uses weak initial sequence numbers Category: core Module: kernel Announced: 2000-10-06
2013 Oct 22
4
Odd Feature Request - RBL blacklist lookup to prevent authentication
I would like to have a list of IPs (hacker list) that I can do a lookup on so that if anyone tries to authenticate to dovecot they always fail if they are on my list. I have the list - and the list is available as a DNS blacklist. I'd like to have it work with both local IP lists or RBL lookup. The idea is so hackers from known IP addresses never succeed. If Dovecot provides the feature