Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: jsonrpc Scanning for root account - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
jsonrpc Scanning for root account

In the past few weeks I have noticed this type of POST activity showing in my honeypot {"id":0,"jsonrpc":"2.0","method":"eth_accounts"} looking for ID 0 (root). Activity has a static source port of 65535 and destination port 8080.

Do you have logs to share related to this type of activity?


Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu


523 Posts
ISC Handler
Nov 13th 2017
Looks, at first glance, as if it could be related to this Oracle advisory?

Remote attack without auth...

Sign Up for Free or Log In to start participating in the conversation!