Recently I changed cell phone providers to a company that focuses more on VOIP than Cell transmissions. I was doing some sniffing and inspecting of my VOIP traffic to see how secure my traffic was since it would be mostly traversing the internet now. (I <3 VOIP BTW) I quickly found myself elbow-deep in Wireshark again and was thinking about The Naughty List (as I usually do). I was wondering if there was some sort of GeoIP DB connector in Wireshark that would let me view the geo-location of some of the servers my cellphone was now connecting to. After a few minutes of searching, not only did I find that Wireshark comes with the configuration hook-ins needed for GeoIP DB info, but it can also output a world map with markers and info regarding traffic in the capture destined for the locations found. The HTML output doesn’t look as awesome as The Naughty List here at T3chkommie.com, but it is definitely useful enough! In fact, the DB resources some of these blogs and Wireshark recommend are the same resources that The Naughty List has been using for a few years now.
I am busy implementing a new protocol to be featured on the naughty list. After implementing a simple SMTP email server here at T3CHKOMMIE.com I noticed countless IP addresses probing for an “open relay”, trying to exploit my SMTP server as a hop for malicious email. I am currently re-working the naughty list script to incorporate this traffic. You will see the protocol popping up here and there. Don’t pay too much attention, as it won’t be accurate until the back-end is in place. I hope to eventually intercept these rogue email messages and put up a naughty message list so we can all take a look at what these people are trying to communicate through poorly configured or compromised SMTP servers. FTP, SSH, and HTTP should all be working accurately and as expected.
For those of you that follow the Naughty List, things have been quiet for the past few weeks. Today, however, China has really stepped it up! Over 7000 attempts on my FTP server in the last few hours. Check out the new pie charts on the site. China is dominating with over 80% of the total attempt count. Just another reason to make sure you have policies and devices in place to protect yourself from all those things that want in.