Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

jsonrpc Scanning for root account

Published: 2017-11-13
Last Updated: 2017-11-13 19:34:15 UTC
by Guy Bruneau (Version: 1)
2 comment(s)

In the past few weeks I have noticed this type of POST activity showing in my honeypot {"id":0,"jsonrpc":"2.0","method":"eth_accounts"} looking for ID 0 (root). Activity has a static source port of 65535 and destination port 8080.

Do you have logs to share related to this type of activity?


Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

Keywords: ID 0 jsonrpc scanning
2 comment(s)
Diary Archives