
Re: [Sks-devel] Unusual traffic for key 0x69D2EAD9 and 0xB33B4659


From: Shengjing Zhu
Subject: Re: [Sks-devel] Unusual traffic for key 0x69D2EAD9 and 0xB33B4659
Date: Sun, 13 Jan 2019 13:15:35 +0800

Sorry for top-replying. I'm using a mobile phone.

Requests are coming from different networks, at least hundreds of IPs.

And it seems my server (pgp.ustc.edu.cn) is down again... I'll check it when I get home. If it's caused by the two keys... I may blacklist them...

brent s. <address@hidden> wrote on Sun, Jan 13, 2019 at 04:45:
On 1/12/19 2:15 PM, Shengjing Zhu wrote:
> Hi,
>
> While I rescued my key server back this night, I found the unusual
> traffic for key 0x69D2EAD9 and 0xB33B4659. It caused load to my server
> when it tried to sync up with the network.
>
> Request counted in 2h:
>
>     178 0xB33B4659
>     186 0x69D2EAD9
>     290 0x2016349F5BC6F49340FCCAF99F9169F4B33B4659
>     336 0x1013D73FECAC918A0A25823986CE877469D2EAD9
>
> Requests come from pool.sks-keyservers.net. Compared to the server
> number behind the pool, I think these requests are quite unusual.
> Does anyone know what happens to these two keys?
>

they're for FreePBX and have caused at least one other issue:

https://lists.gnu.org/archive/html/sks-devel/2018-07/msg00077.html

based on this:

https://www.dslreports.com/forum/r30661088-PBX-FreePBX-for-the-Raspberry-Pi~start=810

it would SEEM they're part of the FreePBX installation process, but it's
possible that something from normal operation even fetches the key
operationally and frequently.

i see three possible situations:

0.) a recent update was made to FreePBX that fetches the key, even if it
exists in the keyring or a key refresh is called (very likely)
1.) a random attack targeting you specifically is occurring and they just
randomly picked that key ID (a little likely, but not very)
2.) the key has been compromised and is being used as part of a botnet
for some purpose (extremely unlikely)

i'll see if i can find out from the freepbx source/the project devs.

will reply when i have further info.


meanwhile, can you let us know if those requests are all coming from the
same IP or allocation block?

--
brent saner
https://square-r00t.net/
GPG info: https://square-r00t.net/gpg-info
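
The per-key counts and the "same IP or allocation block" question from this thread can be answered from a proxy access log. The following is an added example, not part of either message and not SKS code; it assumes an nginx "combined" log in front of the keyserver, IPv4 clients, and grouping by /24, and the sample lines are constructed using documentation address ranges.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines (assumed nginx "combined" format, documentation IPs).
# Key IDs and fingerprints are the ones quoted in the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [13/Jan/2019:03:01:02 +0800] "GET /pks/lookup?op=get&search=0xB33B4659 HTTP/1.1" 200 512 "-" "-"
192.0.2.77 - - [13/Jan/2019:03:01:05 +0800] "GET /pks/lookup?op=get&options=mr&search=0x2016349F5BC6F49340FCCAF99F9169F4B33B4659 HTTP/1.1" 200 512 "-" "-"
198.51.100.5 - - [13/Jan/2019:03:01:09 +0800] "GET /pks/lookup?op=get&search=0x69d2ead9 HTTP/1.1" 200 512 "-" "-"
203.0.113.9 - - [13/Jan/2019:03:02:11 +0800] "GET /pks/lookup?op=get&search=0x1013D73FECAC918A0A25823986CE877469D2EAD9 HTTP/1.1" 200 512 "-" "-"
198.51.100.5 - - [13/Jan/2019:03:02:40 +0800] "GET /pks/lookup?op=get&search=0x69D2EAD9 HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [13/Jan/2019:03:03:00 +0800] "GET /pks/lookup?op=index&search=alice%40example.org HTTP/1.1" 200 90 "-" "-"
203.0.113.200 - - [13/Jan/2019:03:03:30 +0800] "GET /pks/lookup?op=stats HTTP/1.1" 200 4096 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST) (\S+) [^"]*"')
# Short ID, long ID, v3 fingerprint or v4 fingerprint, as hex after "0x".
KEYID_RE = re.compile(r"^0x([0-9a-f]{8}|[0-9a-f]{16}|[0-9a-f]{32}|[0-9a-f]{40})$", re.I)

def summarize(log_text, prefix_len=24):
    """Count HKP lookups per key, merging short-ID and fingerprint requests
    by their low 32 bits, and report how widely the sources are spread.
    Short IDs can collide, so a merged row may in principle cover two keys."""
    stats = defaultdict(lambda: {"requests": 0, "ips": set(), "blocks": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        url = urlsplit(target)
        search = parse_qs(url.query).get("search", [""])[0]
        k = KEYID_RE.match(search)
        if url.path != "/pks/lookup" or not k:
            continue  # stats pages and name/e-mail searches are skipped
        entry = stats["0x" + k.group(1)[-8:].upper()]
        entry["requests"] += 1
        entry["ips"].add(ip)
        entry["blocks"].add(str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)))
    return {key: {"requests": s["requests"], "distinct_ips": len(s["ips"]),
                  "distinct_blocks": len(s["blocks"])} for key, s in stats.items()}

if __name__ == "__main__":
    for key, row in sorted(summarize(SAMPLE_LOG).items()):
        print(key, row)
```

A high request count with few distinct blocks points at a single client or network; the same count spread over many blocks matches the "hundreds of IPs" pattern reported above.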
