Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: jsonrpc Scanning for root account SANS ISC InfoSec Forums

Special Webcast: What you need to know about the crypt32.dll vulnerability. Register Now

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
jsonrpc Scanning for root account

In the past few weeks I have noticed this type of POST activity showing in my honeypot {"id":0,"jsonrpc":"2.0","method":"eth_accounts"} looking for ID 0 (root). Activity has a static source port of 65535 and destination port 8080.


Do you have logs to share related to this type of activity?

[1] https://github.com/ethereum/wiki/wiki/JSON-RPC
[2] https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_accounts

-----------
Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

Guy

451 Posts
ISC Handler
Looks, at first glance, as if it could be related to this Oracle advisory?

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html

Remote attack without auth...
Anonymous
https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_accounts
Anonymous

Sign Up for Free or Log In to start participating in the conversation!