VoIP Abuse to Twitter (real time VoIP Abuse)

Home » Asterisk Users » VoIP Abuse to Twitter (real time VoIP Abuse)
Asterisk Users 2 Comments

Apologies for cross posting but some of us aren’t on the other list
(vice/versa) and thought both groups would benefit.

For those familiar with the VoIP Abuse Project, no need to explain the
gist of this. I got tired of parsing through the alerts (lists) I
receive via email daily. They’re long and sometimes I don’t have the
time to post them all. So for now, posting VoIP Abuse addresses straight
to Twitter.

So, anyone trying to compromise a pbx, is now autoposted on an hourly
basis to Twitter. Still working on pulling, have about 4 machines linked
up now, will mop em up during the week.

http://twitter.com/#!/voipabuse

Now, you can concoct a quick script off of it, e.g.:

links -dump “http://twitter.com/voipabuse”|awk ‘/attacker/{print
“iptables -A INPUT -s “$2” -j DROP”| “sort -u”}’

Will get a quickie soon from my Acme’s, nCites, etc. when I have time.

For those NOT familiar with it, please Google it as I don’t feel like
typing anymore 😉 (sorry)

2 thoughts on - VoIP Abuse to Twitter (real time VoIP Abuse)

  • Sounds like a great idea.. Hopefully the page/account never gets hacked and
    bad IP’s published.. I could see a great hack of

    127.0.0.1

    192.168.0.0/16

    10.0.0.0/8

    getting up there somehow and next thing you know – BAM!

    But I haven’t RTFM – I’m guessing there is probably a white list that
    supersedes the naughty list.

    [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of vip killa
    Sent: Thursday, September 22, 2011 11:06 AM

    very cool!

    On Thu, Sep 22, 2011 at 10:37 AM, J. Oquendo
    wrote:

    Apologies for cross posting but some of us aren’t on the other list
    (vice/versa) and thought both groups would benefit.

    For those familiar with the VoIP Abuse Project, no need to explain the
    gist of this. I got tired of parsing through the alerts (lists) I
    receive via email daily. They’re long and sometimes I don’t have the
    time to post them all. So for now, posting VoIP Abuse addresses straight
    to Twitter.

    So, anyone trying to compromise a pbx, is now autoposted on an hourly
    basis to Twitter. Still working on pulling, have about 4 machines linked
    up now, will mop em up during the week.

    http://twitter.com/#!/voipabuse

    Now, you can concoct a quick script off of it, e.g.:

    links -dump “http://twitter.com/voipabuse”|awk ‘/attacker/{print
    “iptables -A INPUT -s “$2” -j DROP”| “sort -u”}’

    Will get a quickie soon from my Acme’s, nCites, etc. when I have time.

    For those NOT familiar with it, please Google it as I don’t feel like
    typing anymore 😉 (sorry)

  • This is a brilliant idea. How do I contribute my attackers to this
    list?

    Cheers
    Andy

    ________________________________

    [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Robert
    Huddleston
    Sent: 22 September 2011 16:11
    Abuse)

    Sounds like a great idea.. Hopefully the page/account never gets hacked
    and bad IP’s published.. I could see a great hack of

    127.0.0.1

    192.168.0.0/16

    10.0.0.0/8

    getting up there somehow and next thing you know – BAM!

    But I haven’t RTFM – I’m guessing there is probably a white list that
    supersedes the naughty list.

    [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of vip killa
    Sent: Thursday, September 22, 2011 11:06 AM
    Abuse)

    very cool!

    On Thu, Sep 22, 2011 at 10:37 AM, J. Oquendo
    wrote:

    Apologies for cross posting but some of us aren’t on the other list
    (vice/versa) and thought both groups would benefit.

    For those familiar with the VoIP Abuse Project, no need to explain the
    gist of this. I got tired of parsing through the alerts (lists) I
    receive via email daily. They’re long and sometimes I don’t have the
    time to post them all. So for now, posting VoIP Abuse addresses straight
    to Twitter.

    So, anyone trying to compromise a pbx, is now autoposted on an hourly
    basis to Twitter. Still working on pulling, have about 4 machines linked
    up now, will mop em up during the week.

    http://twitter.com/#!/voipabuse

    Now, you can concoct a quick script off of it, e.g.:

    links -dump “http://twitter.com/voipabuse”|awk ‘/attacker/{print
    “iptables -A INPUT -s “$2” -j DROP”| “sort -u”}’

    Will get a quickie soon from my Acme’s, nCites, etc. when I have time.

    For those NOT familiar with it, please Google it as I don’t feel like
    typing anymore 😉 (sorry)