[asterisk-users] Hack attempt sequential config file read looking for valid files.

Jerry Geis jerry.geis at gmail.com
Fri Apr 21 11:27:48 CDT 2017


I just happened to look at /var/log/messages...

I saw:
Apr 21 12:18:40 in.tftpd[22719]: RRQ from 69.64.57.18 filename 0004f2034f6b.cfg
Apr 21 12:18:40 in.tftpd[22719]: Client 69.64.57.18 File not found 0004f2034f6b.cfg
Apr 21 12:18:40 in.tftpd[22720]: RRQ from 69.64.57.18 filename 0004f2034f6c.cfg
Apr 21 12:18:40 in.tftpd[22720]: Client 69.64.57.18 File not found 0004f2034f6c.cfg
Apr 21 12:18:40 in.tftpd[22721]: RRQ from 69.64.57.18 filename 0004f2034f6d.cfg
Apr 21 12:18:40 in.tftpd[22721]: Client 69.64.57.18 File not found 0004f2034f6d.cfg
Apr 21 12:18:40 in.tftpd[22722]: RRQ from 69.64.57.18 filename 0004f2034f6e.cfg

So basically a sequential read of Polycom MAC address config files.
Someone is trying to read to determine if I have any Polycom files, just
sequential read after read.
And if so, it would get any extension and password at that time.
Luckily I have none.

However, how does one block attempts like this?

Thanks!

Jerry
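
Added example, not part of the original post: a small detector that reads in.tftpd log lines and flags any source address requesting runs of consecutive MAC-named .cfg files, the pattern shown in the log above. The function names, the min_run threshold and the 192.0.2.10 sample entry are assumptions made for illustration.

```python
import re
from collections import defaultdict

# in.tftpd read-request line: source address, then the requested filename.
RRQ = re.compile(r"in\.tftpd\[\d+\]: RRQ from (\S+) filename (\S+)")
# Per-phone provisioning file named after the MAC address: <12 hex digits>.cfg
MAC_CFG = re.compile(r"^([0-9a-fA-F]{12})\.cfg$")

def longest_run(values):
    """Length of the longest run of consecutive integers in `values`."""
    best = run = 0
    prev = None
    for v in sorted(set(values)):
        run = run + 1 if prev is not None and v == prev + 1 else 1
        best = max(best, run)
        prev = v
    return best

def find_mac_scanners(lines, min_run=3):
    """Return {source_ip: longest consecutive-MAC run} for runs >= min_run."""
    macs_by_ip = defaultdict(list)
    for line in lines:
        m = RRQ.search(line)
        if not m:
            continue  # "File not found" and unrelated lines are skipped
        ip, filename = m.groups()
        cfg = MAC_CFG.match(filename)
        if cfg:
            macs_by_ip[ip].append(int(cfg.group(1), 16))
    runs = {ip: longest_run(v) for ip, v in macs_by_ip.items()}
    return {ip: n for ip, n in runs.items() if n >= min_run}

# First four entries: the RRQ lines from the post, unwrapped.
# Last entry: constructed, one phone fetching only its own file.
SAMPLE = [
    "Apr 21 12:18:40 in.tftpd[22719]: RRQ from 69.64.57.18 filename 0004f2034f6b.cfg",
    "Apr 21 12:18:40 in.tftpd[22720]: RRQ from 69.64.57.18 filename 0004f2034f6c.cfg",
    "Apr 21 12:18:40 in.tftpd[22721]: RRQ from 69.64.57.18 filename 0004f2034f6d.cfg",
    "Apr 21 12:18:40 in.tftpd[22722]: RRQ from 69.64.57.18 filename 0004f2034f6e.cfg",
    "Apr 21 12:19:02 in.tftpd[22730]: RRQ from 192.0.2.10 filename 0004f2aabbcc.cfg",
]

if __name__ == "__main__":
    for ip, n in find_mac_scanners(SAMPLE).items():
        print(f"{ip}: {n} consecutive MAC config requests")
```

TFTP itself has no authentication, so the addresses this returns are candidates for a firewall rule that limits UDP port 69 to the phones' own network.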