lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <428CED91.8090408@nospammail.net>
Date: Thu May 19 20:49:09 2005
From: spamproof at nospammail.net (Rob)
Subject: Possible proxy scan for proactive
	countermeasures?

the rxmr wrote:
> Even though Slashdot is often joked about on the lists, I was
> wondering if anyone has been experiencing similar scans from their IP
> address and if so has anyone confirmed it to be them or is the source
> address being spoofed?
> 
> The scans are directed at proxy services and Slashdot has recently
> been getting crapflooded with anonymous posts made through open
> proxies and is rumored to be banning the IP's of those proxies. Here
> is an example:
> 
> http://slashdot.org/comments.pl?sid=150000&threshold=1&commentsort=0&tid=172&mode=thread&cid=12572018
> 
> Therefore it seems reasonable that the source of the scans is actually
> Slashdot.  If they are scanning me for open proxies, then are they
> scanning everyone else who visits their site today?  I gave up trying
> to get any response via email from Slashdot years ago so I am not
> going to contact them.
> 
> This is the recent output of my logfile (my IP is xx'd out):

They scan everyone, it has been going on for a long time, not just recently.
I don't remember if it is when you attempt to post comments or even just when you attempt to read stories.

The recent crapflood might be people attempting to get TOR endpoints/egresspoints  banned, just a guess - since if those address from 
which the comments were posted were actually open proxies then /. already has the technology to block them. So I think the posters 
are maybe not being completely truthful about how and from where they are posting (otherwise they wouldn't need to try to induce 
people to mod their posts).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ