Written by sil
The VoIP Abuse Blacklist has been a work in progress as I sought a mechanism to document attackers. With that said, the new layout will hopefully be more beneficial to PBX administrators. Rather than reinvent wheels, VABL looks up an attacker's information via Shadowserver's lookup and appends three new fields: type of attacker, address and the letters VABL and a number dialed (when appropriate.)
The type of attacker field may make the biggest difference to those who decide to use this list. There are two specific entries that will appear: BRU, ADN and COM. BRU means that the host attempted to bruteforce a PBX while COM signifies that the attacker managed to compromise either a honeypot or a live machine. ADN is when an attacker places a call and is short for Attacker Dialing Numbers. Whenever you see an entry with ADN, there will be an additional field at the end with the number dialed by the attacker appended to it.
Because this project is a hobby project, I will try my best to keep it as up-to-date and as accurate as possible however, work and family come first, so apologies if there are times when it seems to lag. Sincerest thanks to everyone who has offered to send in data, assist with working on the page, assist with deploying honeypots, etc., I do read e-mails and if I don't respond it is likely that I am overwhelmed with many things.
188.8.131.52 | COM | VABL | 18420 | 184.108.40.206/16 | NCU | TW | NCKU.EDU.TW | TAIWAN ACADEMIC NETWORK
220.127.116.11 | COM | VABL | 3786 | 18.104.22.168/18 | LGDACOM | KR | - | INEMPIRE
22.214.171.124 | COM | VABL | 4134 | 126.96.36.199/13 | CHINANET | CN | CNDATA.COM | CHINANET ANHUI PROVINCE NETWORK
188.8.131.52 | COM | VABL | 9919 | 184.108.40.206/19 | NCIC | TW | - | 3J CORPORATION CO
220.127.116.11 | COM | VABL | 30099 | 18.104.22.168/20 | SB-2 | US | SERVERBEACH.COM | SERVERBEACH
22.214.171.124 | COM | VABL | 30099 | 126.96.36.199/22 | SB-2 | US | SERVERBEACH.COM | SERVERBEACH
188.8.131.52 | COM | VABL | 22773 | 184.108.40.206/16 | ASN-CXA-ALL-CCI-2277 | US | COX.NET | COX COMMUNICATIONS INC
220.127.116.11 | COM | VABL | 6724 | 18.104.22.168/16 | STRATO | DE | STRATOSERVER.NET | STRATO RECHENZENTRUM BERLIN
22.214.171.124 | ADN | VABL | 8452 | 126.96.36.199/22 | TE | EG | TEDATA.NET | AFRINIC | 011251912121891
Real Time VoIP Abuse Blacklist
Last Updated on Wednesday, 19 January 2011 20:08