VoIP Blacklist Project

Contact and data submission info: voipabuse at infiltrated dot net

Data you send should be sanitized to omit your IP space, so that it is not exposed to a potential future attack and/or retribution. To submit data, you can e-mail either a CSV or a text file with the following information:

Bruteforcers:

+-------------------------------+------------+------------+------------+-----------+----------+----------+
| md5 checksum of your hostname | start_date | start_time | stop_date | stop_time | attacker | attempts |
+-------------------------------+------------+------------+------------+-----------+----------+----------+

E.G.: e3d8862a1f1457b8722646dbec79d0f4b7e1b2ab,2010-07-28,19:54:49,2010-07-28,21:00:59,61.9.200.172,9825

Attackers (if someone has compromised an account and made/attempted to make calls):

+--------------------------------+----------------+------------------+------------+--------------+------------+------------+
| md5 checksum of your hostname | extension_used | attacker_address | user_agent | channel_used | start_date | start_time |
+--------------------------------+----------------+------------------+------------+--------------+------------+------------+

E.G.: e3d8862a1f1457b8722646dbec79d0f4b7e1b2ab,test,216.131.86.135,Zoiper rev.6848,test,2010-08-14,01:36:25

If you need information on obtaining a script to gather this data for you, send me a message and, depending on your PBX and its logging mechanisms, I will assist you in getting the proper information parsed from your logs. So far I have a script for Asterisk-based PBXs and for pbxnsip.

It has been my experience that many abuse desks and companies don't take the time to respond to complaints other than the usual generic/template response.
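As an added illustration of the "Bruteforcers" submission format above (this is not the project's own script), the following Python sketch aggregates failed SIP registrations into one sanitized CSV row per source address. It assumes Asterisk chan_sip-style notices with ISO timestamps; the sample log, the hostname `pbx.example.net` and the `min_attempts` threshold are constructed for the example. The first column is computed as MD5 as the column header says, which gives 32 hex digits, while the sample value on this page is 40 hex digits long.

```python
import csv, hashlib, io, re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the style of Asterisk chan_sip notices (not real log data).
# 198.51.100.5 stands in for the reporter's own PBX and must not reach the report.
SAMPLE_LOG = """\
[2010-07-28 19:54:49] NOTICE[2101] chan_sip.c: Registration from '"100" <sip:100@198.51.100.5>' failed for '203.0.113.7' - Wrong password
[2010-07-28 19:54:50] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@198.51.100.5>' failed for '203.0.113.7' - No matching peer found
[2010-07-28 20:10:02] NOTICE[2101] chan_sip.c: Registration from '"200" <sip:200@198.51.100.5>' failed for '192.0.2.44' - Wrong password
[2010-07-28 20:59:58] NOTICE[2101] chan_sip.c: Registration from '"102" <sip:102@198.51.100.5>' failed for '203.0.113.7:5071' - Wrong password
[2010-07-28 21:00:59] NOTICE[2101] chan_sip.c: Registration from '"103" <sip:103@198.51.100.5>' failed for '203.0.113.7:5071' - Wrong password
[2010-07-28 21:05:00] VERBOSE[2101] chan_sip.c: Registered SIP '200' at 192.0.2.44:5060
"""

# Greedy ".*": the address is read from the last "failed for", which the PBX
# appends, not from text inside the client-supplied From header.
FAILED = re.compile(r"^\[(?P<ts>[\d-]{10} [\d:]{8})\] NOTICE\[\d+\].*"
                    r"Registration from '.*' failed for "
                    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - ")

def host_token(hostname):
    """Opaque reporter ID for the first column (MD5 hex, per the column header)."""
    return hashlib.md5(hostname.encode()).hexdigest()

def bruteforcer_rows(log_text, hostname, min_attempts=3):
    """One row per source: token, start date/time, stop date/time, attacker, attempts."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            seen[m["ip"]].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    token, rows = host_token(hostname), []
    for ip, stamps in sorted(seen.items()):
        if len(stamps) >= min_attempts:  # assumed threshold: skip one-off mistyped passwords
            first, last = min(stamps), max(stamps)
            rows.append([token, str(first.date()), str(first.time()),
                         str(last.date()), str(last.time()), ip, len(stamps)])
    return rows

def to_csv(rows):
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(bruteforcer_rows(SAMPLE_LOG, "pbx.example.net")), end="")
```

Only the hashed hostname, the timestamps, the source address and the attempt count reach the output; the PBX's own address and extensions stay in the local log.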
The issue of removals is a tricky one, as I want to be as fair and accurate as possible without companies getting the impression that they can get away with doing nothing about the attacks leaving their networks. If your address space is on the list, kindly send an e-mail to voipabuse at infiltrated dot net and I will work with you to get your space removed. If you think that removal will occur solely by sending an e-mail, you're mistaken. Addresses will be kept on this list for the duration of 90 days. If someone in your company responded to an abuse e-mail, I will re-visit removing you from the list; however, this all depends on whether or not we believe your efforts on remediation were genuine.

What does this mean? Simple: in an effort to get companies to actually take things seriously, we believe in "following up." It would be simple for me to autogenerate a "looking into this" message and go about my merry way, leaving you, the victim, in the cold. How do you know I actually did anything? If a company wants me to "expedite" removal, it would be fair to see how and what they did in order to correct their problems other than a "thank you looking into it." That too is tricky, as no one wants to expose potential client information or sensitive network info to anyone. Therefore, I reiterate: if you believe your networks/addresses should not be on this list, I will investigate and take the appropriate measures to work WITH YOU, not against you.

Toll fraud and malicious abuse are serious business and, as I've stated before, if it's going to cost me, so should it cost those networks that allow this malicious traffic from their networks. As an owner, admin, or engineer, one should keep in mind that data is almost forever cached nowadays. We are not responsible for any cache on any search engine, period.
Don't want your company information and IP space listed in search engine searches for nefarious activities? Take better care of your networks and choose your customers wisely. Take the time and the effort to secure your networks; otherwise, lists and projects like this are the result.