jsonrpc Scanning for root account
In the past few weeks I have noticed this type of POST activity showing in my honeypot {"id":0,"jsonrpc":"2.0","method":"eth_accounts"} looking for ID 0 (root). Activity has a static source port of 65535 and destination port 8080.
Do you have logs to share related to this type of activity?
[1] https://github.com/ethereum/wiki/wiki/JSON-RPC
[2] https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_accounts
-----------
Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu
×
Diary Archives
Comments
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html
Remote attack without auth...
Anonymous
Nov 15th 2017
7 years ago
Anonymous
May 31st 2018
6 years ago