VoIP Blacklist Project
[Addresses] [Netblocks] [Numbers Called] [E-Mails Sent] [Responses Received] [Attack Logs] [Defensive Suggestions] [VoIP Abuse PGP Key] [Removals] [Submissions] [Monthly RSS feed]

UPDATE MARCH 14th 2013

Real time data is now available via Twitter: https://twitter.com/efensive

UPDATE January 20th 2011

PLEASE USE http://www.infiltrated.net/vabl.txt for blocking and or researching attackers. This page has been replaced by http://infiltrated.net/index.php?option=com_content&view=article&id=17&Itemid=23

The VoIP Abuse Project is aimed at minimizing abuse for networks that have publicly accessible PBX's. As a security engineer at a managed service provider, one of our services is VoIP. Throughout the course of the day, I got tired of seeing VoIP based brute force attempts that I decided to out companies who sit around and choose to do nothing about the attacks coming from their networks. As a courtesy I often take the time out of my work day to write constant emails to abuse and security desks which go nowhere.

In an effort to make other companies who have PBX servers online aware of the attackers, I will be posting the information of address and companies in which these attacks are coming from. If your company is listed here it is for a reason. I will include all correspondence I have with companies including the emails I send to them. If a company believes their information is here unfairly, I will gladly investigate the matter and correct it however, if you're listed here, you deserve to be. Clean up your network. These attacks cost money at the end of the day and you wouldn't like it if my servers attacked your company because of my negligence and lack of due diligence in reading abuse e-mail.

For companies inside the United States, we may also report instances to the Better Business Bureau since some shops like to use that as a guide of "How well they're doing." I know I would not want to do business with a company that does nothing to minimize malicious traffic on their networks. This is costing the victims money from loss of clients due to bruteforcing consuming a lot of bandwidth, not to mention the potential toll-fraud if a system is compromised. If it's going to cost me, so should it cost you for allowing it.

For the systems/network engineers who choose to bookmark this page, I will create a blacklist that you can wget with either a single IP address to block or an entire netblock. Perhaps others may be encouraged to block entire netblocks until some of these companies clean up their shops. Let them answer to THEIR customers as to why they can't connect or why clients can't reach their sites. Let them take the initiative to run a clean network.

For anyone wondering why there is a lack of abuse e-mails RIPE/APNIC/LACNIC/AFRINIC addresses, many don't response because of the language barriers, many don't care and many of these addresses are blocked on many of my managed PBX's. Aside from this, I have a script to block out all non-ARIN addresses called AntiToll. More information on the idea behind this project can be found at http://voipsa.org/blog/2010/09/28/voip-abuse-project/

Currently this page is broken down as follows:
Addresses: These are the IP addresses of bruteforcing hosts
Netblocks: These are the netblocks of attacking hosts
Numbers Called: These are the numbers called by attackers from my honeypots
E-mails Sent: These are the e-mails sent to abuse desks
Responses Received: These are the responses (if any) received in response to my e-mails
Attack logs: These are the logs of attacks
Defensive suggestions: IPF/IPTables/PF based script for Asterisk PBX's
Submissions Info: Information on how to submit data to this site
VoIP Abuse PGP Key: PGP Key for those willing to send in logfiles of attacks


[Addresses] [Netblocks] [Numbers Called] [E-Mails Sent] [Responses Received] [Attack Logs] [Defensive Suggestions] [VoIP Abuse PGP Key]