[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Unusual traffic for key 0x69D2EAD9 and 0xB33B4659

From: brent s.
Subject: Re: [Sks-devel] Unusual traffic for key 0x69D2EAD9 and 0xB33B4659
Date: Sat, 12 Jan 2019 15:36:41 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.3

On 1/12/19 2:15 PM, Shengjing Zhu wrote:
> Hi,
> While I rescued my key server back this night, I found the unusual
> traffic for key 0x69D2EAD9 and 0xB33B4659. It caused load to my server
> when it tried to sync up with the network.
> Request counted in 2h:
>    178 0xB33B4659
>     186 0x69D2EAD9
>     290 0x2016349F5BC6F49340FCCAF99F9169F4B33B4659
>     336 0x1013D73FECAC918A0A25823986CE877469D2EAD9
> Requests come from Compare to the server
> number behind the pool,  I think these requests are quite unusual.
> Does anyone know what happens to these two keys?

they're for FreePBX and have caused at least one other issue:

based on this:

it would SEEM they're part of the FreePBX installation process, but it's
possible that something from normal operation even fetches the key
operationally and frequently.

i see three possible situations:

0.) a recent update was made to FreePBX that fetches the key, even if it
exists in the keyring or a key refresh is called (very likely)
1.) a random attack targeting you specifically is ocurring and they just
randomly picked that key ID (a little likely, but not very)
2.) the key has been compromised and is being used as part of a botnet
for some purpose (extremely unlikely)

i'll see if i can find out from the freepbx source/the project devs.

will reply when i have further info.

meanwhile, can you let us know if those requests are all coming from the
same IP or allocation block?

brent saner
GPG info:

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]