Thread Dump

From an Unknown 433 MHz Signal to a Real-Time Meshtastic Security Research Pipeline

Tue, 09 Jun 2026 00:00:00 +0000

Summary

A wide burst near 433 MHz looked unusual in SDR++. It was too broad for a typical narrowband voice channel and displayed repeated slanted structures in the waterfall. That observation led to a passive research pipeline:

BladeRF / SDR++ capture
 -> LoRa PHY identification
 -> GNU Radio demodulation
 -> payload CRC gate
 -> packet-preserving UDP
 -> Meshtastic protobuf decoder
 -> JSONL and SQLite persistence
 -> public, privacy-aware reporting

The goal of this note is to document the technical path from RF observation to structured Meshtastic packet analysis, while also showing that public RF telemetry can expose metadata, topology, and operational patterns.

H.323 Devices discovery scan via TPTK/Q.931/H.225.0.CS

Sun, 10 Apr 2022 10:24:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. H.323 service detection technique based on the SETUP message type (0x05).

SoftEther reflection DDoS amplification attack via OpenVPN P_CONTROL_HARD_RESET_CLIENT_2

Sun, 10 Apr 2022 10:24:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. OpenVPN P_CONTROL_HARD_RESET_CLIENT_2 - initial key from client, forget previous state

According to SoftEther issue #1001 SoftEther is vulnerable to DDoS amplification attack via OpenVPN

IEC 60870-5-104 TESTFR

Sun, 10 Apr 2022 01:31:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. IEC 60870-5-104 Transmission Protocols - Network access for IEC 60870-5-101 using standard transport profiles

Apple File Service (AFS) DSI AFP

Sun, 20 Feb 2022 08:18:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. Apple File Service(AFS) DSI GetStatus(AFP) call

LDAP Search Request

Sun, 20 Feb 2022 08:18:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. LDAP SearchRequest for objectclass=any

Apache Cassandra CQL

Fri, 18 Feb 2022 22:29:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. Cassandra CQL Protocol Request

TPKT ISO 8073/X.224 COTP Connect Request

Fri, 18 Feb 2022 13:37:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. TSAP ISO 8073/X.224 COTP Connect Request

Android Debug Bridge(ADB) service

Thu, 17 Feb 2022 18:55:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. Android Debug Bridge(ADB) service remote shell access

Rsyncd service enumeration

Thu, 17 Feb 2022 18:55:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. Rsync daemon service enumeration

Dahua DVR protocol - Remote access

Tue, 15 Feb 2022 11:02:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. Dahua DVR protocol remote access using common credentials

TPLINK Archer C20i CVE-2017-8220

Tue, 15 Feb 2022 10:40:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. TPLINK Archer C20i CVE-2017-8220

Java Debug Wire Protocol(JDWP) Handshake

Mon, 14 Feb 2022 11:25:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. Java Debug Wire Protocol(JDWP) Handshake

LibreOffice Impress Remote Server

Sun, 13 Feb 2022 20:22:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. LibreOffice Impress Remote Server access. Slideshow remote control.

Asterisk Manager

Sun, 13 Feb 2022 19:36:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. Asterisk Manager remote access

IBM DB2 Administration Server

Fri, 11 Feb 2022 18:38:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. IBM DB2DAS Administration Server

XMPP Jabber Client request

Thu, 10 Feb 2022 23:36:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. XMPP Jabber Client initiation

AppSocket/JetDirect/PDL Printer PJL INFO

Wed, 09 Feb 2022 22:26:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. HP Printer job language(PJL) status query over PDL

Redis INFO enumeration

Wed, 09 Feb 2022 22:00:00 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. Redis in-memory database enumeration via info command

Telnet root/root automated exploitation

Tue, 08 Feb 2022 11:16:02 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. Telnet root/root credentials automated exploitation with malware deployment

Log4j CVE-2021-44228 HTTP Headers

Mon, 07 Feb 2022 21:07:02 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. Log4j CVE-2021-44228 using various HTTP Headers

Unitronics PLC GetID

Mon, 07 Feb 2022 20:30:02 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. Model and OS Version /00IDED query. 00 enables any controller to respond.

Babylon RAT C2 Client Request

Sun, 06 Feb 2022 19:51:21 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. Babylon RAT C2 Client Request

KUKA.WorkVisual DeviceInfo

Sat, 05 Feb 2022 11:57:21 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. KUKA.WorkVisual configuration software for KUKA KR C4 (Robotics) DeviceInfo call

IBM-3279-4-E Telnet

Thu, 03 Feb 2022 23:12:21 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. IBM-3279-4-E Telnet host access

LDAP Search request

Thu, 03 Feb 2022 22:40:21 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. LDAP wire search request

Microsoft Windows SMB

Thu, 03 Feb 2022 15:45:21 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. Microsoft Windows 2000 2195 5.0 SMB

AWS Credentials GET

Thu, 03 Feb 2022 10:59:53 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. AWS Credential file HTTP GET

Siemens Logo! 0BA7 PLC

Wed, 02 Feb 2022 21:25:56 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. Siemens Logo! 0BA7 PLC init

DVRIP-Web

Wed, 02 Feb 2022 18:26:56 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. DVRIP-Web Protocol request

Weblogic Server 12.1.2 T3

Wed, 02 Feb 2022 18:26:56 +0100

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed. Weblogic T3 RMI protocol

Cisco 2960 WS-C2960G-24TC-L

Sat, 24 Oct 2020 00:00:00 +0000

Quite unusual, not listed on the Cisco website 2960 “G” series WS-C2960G-24TC-L with 20 Ethernet 10/100/1000 ports and 4 dual-purpose uplinks

Cisco 2960 WS-C2960-24TC-S

Sat, 03 Oct 2020 00:00:00 +0000

Cisco Catalyst 2960-24TC-S with 24 Ethernet 10/100 and 2 dual-purpose ports (10/100/1000 or SFP) from Cisco 2960 series.

Cisco 2960 WS-C2960-48TC-L

Sat, 03 Oct 2020 00:00:00 +0000

WS-C2960-48TC-L is a Cisco 2960 layer 2 switch with 48 Ethernet 10/100 and 2 dual-purpose ports (10/100/1000 or SFP)

Cisco 2960 WS-C2960-48TT-L

Thu, 24 Sep 2020 00:00:00 +0000

WS-C2960-48TT-L Cisco 2960 Series switch. Writing down remarks, findings about under the hood components.

Complaint tablet to Ea-nasir

Sun, 07 Jun 2020 00:00:00 +0000

Around 1750 BC. Deal between Nani and Ea-Nasir goes wrong. First formal complaint ?

Sortition & democracy

Sun, 07 Jun 2020 00:00:00 +0000

Do we have enough of social platform influence on our elections ? How about election by lot ?

Kleroterion. Lot selection device from Athenes

About

Mon, 01 Jan 0001 00:00:00 +0000

Curiosity drives this notebook. It is a place to retain technical experiments, observations, failures, and conclusions instead of leaving them scattered across terminals and old repositories.

The site combines material previously published through threaddump and threatdump with new research on SDR signals, security, FreeBSD and OpenBSD, networking, and hardware.

Search

Mon, 01 Jan 0001 00:00:00 +0000

Search titles, summaries, categories, tags, and article text.