
jsonrpc Scanning for root account - SANS Internet Storm Center, InfoSec Forums



In the past few weeks I have noticed this type of POST activity showing in my honeypot: {"id":0,"jsonrpc":"2.0","method":"eth_accounts"}, looking for ID 0 (root). The activity has a static source port of 65535 and destination port 8080.


Do you have logs to share related to this type of activity?

[1] https://github.com/ethereum/wiki/wiki/JSON-RPC
[2] https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_accounts

-----------
Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

Guy

409 Posts
ISC Handler
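
One way to match the pattern described in the post above in honeypot logs, as an added example that is not part of the original post or its comments: it flags POST bodies that are JSON-RPC 2.0 calls to eth_accounts and separates hits that also use source port 65535 and destination port 8080. The log line format, the function names and the sample records are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Constructed honeypot records, not real captures (RFC 5737 example addresses).
# Assumed line format: timestamp src_ip src_port dst_port http_verb body
SAMPLE_LOG = """\
2000-01-01T01:12:03Z 192.0.2.10 65535 8080 POST {"id":0,"jsonrpc":"2.0","method":"eth_accounts"}
2000-01-01T01:12:09Z 192.0.2.10 65535 8080 POST {"id":0,"jsonrpc":"2.0","method":"eth_accounts"}
2000-01-01T02:40:51Z 198.51.100.7 65535 8080 POST {"id": 0, "jsonrpc": "2.0", "method": "eth_accounts"}
2000-01-01T03:05:17Z 203.0.113.5 41022 8080 POST {"id":7,"jsonrpc":"2.0","method":"eth_accounts"}
2000-01-01T03:30:44Z 203.0.113.77 65535 8080 POST {"id":1,"jsonrpc":"2.0","method":"eth_blockNumber"}
2000-01-01T04:02:00Z 198.51.100.23 65535 8080 POST user=admin&pass=admin
truncated line
"""

def jsonrpc_method(body):
    """Return the method of a JSON-RPC 2.0 request body, else None."""
    try:
        msg = json.loads(body)
    except ValueError:          # not JSON at all (form data, "-", binary)
        return None
    if isinstance(msg, dict) and msg.get("jsonrpc") == "2.0":
        method = msg.get("method")
        return method if isinstance(method, str) else None
    return None

def classify(line):
    """Return (src_ip, label) for an eth_accounts probe, else None."""
    fields = line.split(" ", 5)  # body is last and may contain spaces
    if len(fields) != 6 or not (fields[2].isdigit() and fields[3].isdigit()):
        return None              # malformed record, skip instead of crashing
    _, src_ip, sport, dport, verb, body = fields
    if verb != "POST" or jsonrpc_method(body) != "eth_accounts":
        return None
    exact = int(sport) == 65535 and int(dport) == 8080
    return src_ip, "exact" if exact else "method-only"

def scan(log_text):
    """Count probes per (source IP, label) across a whole log."""
    hits = Counter()
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            hits[hit] += 1
    return dict(hits)

if __name__ == "__main__":
    for (ip, label), n in sorted(scan(SAMPLE_LOG).items()):
        print(f"{ip:15} {label:12} {n}")
```

Parsing the body as JSON rather than matching the raw string keeps the check stable when a scanner changes whitespace or key order.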
Looks, at first glance, as if it could be related to this Oracle advisory?

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html

Remote attack without auth...
Anonymous

Posts
