| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 May 2013 19:53:43 -0600 (MDT) From: Bruce Ediger <bediger@...atigery.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: On Skype URL eavesdropping On Fri, 17 May 2013, Kirils Solovjovs wrote: > Requests always come from the same IP 65.52.100.214. Oddly, I have an HTTP request from 65.52.100.214 in my apache log files. It asked for http://stratigery.com/scripting.ftp.html by far the most popular page on my web site. It used a HEAD. Referer and user agent both '-' That much is the same as everyone else. I have a little more to add. I have p0f version 2 running at the same time. I can match up the 65.52.100.214 with this from p0f: UNKNOWN [8192:56:1:48:M1460,N,N,S:.:?:?] p0f also claims an "ethernet/modem" link. I find 1 other hit in my p0f log file with that OS guess, from 1.23.166.134, which was also asking for http://stratigery.com/scripting.ftp.html, but with a GET. 1.23.166.134 had a referer of http://www.google.co.in 1.23.166.134 had a user agent of " Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 1.1.4322; .NET CLR 3.5.30729; InfoPath.1; .NET4.0C; .NET4.0E)" 65.52.100.214 hit my web server at 2013-04-30 07:26:26-06 1.23.166.134 hit my web server at 2012-04-09 11:26:00-06 Note that I do not use Skype at all. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists