lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3a271eebe87df7fd9c2587199cbe5349.squirrel@gameframe.net>
Date: Fri, 2 Sep 2011 19:27:13 +0300
From: nix@...roxylists.com
To: dink@...inkydink.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: China - the land of open proxies

>
> I'd be interested to know if you find more than 1% active in that list.
> My timeout was 45 seconds, so you might do much better if you're
> patient.  But the live ones are usually pretty fast.
>

I forgot to post list yesterday after testing.

|NiX| Checked 135440 proxies in 0 days 4 hours 11 minutes 57 seconds.
Threads used: 125 Working proxies: 429

429 working out of 135k is not that bad from an old list.

Here's the list: http://pastebin.com/sEuxdV8f

You may want to recheck it since it's about 15 hours old.

> The Taiwanese proxies aren't blocked like the ones on the mainland. They
> are the best.
>
> I don't think it's a botnet, though.  I think it's just stupid
> programming.  But, I don't have any hard evidence one way or the other.

Neither do I but it's likely a botnet or bad progamming. I mean just like
the port 27977 proxies, there were a ton of them and afterwards it proved
to be botnet.

>
> BTW, I am a great fan of your work.  I would appreciate a "Pro TIP" or
> two on how you do it if you have the time.
>

What kind of tips you're looking for? How do I do it? Im hard worker and
usually if I do something, I do it as good as I can or I don't do it all.
That's my motto.


> Thanks,
>
> Hinky
>
> On Thu, 2011-09-01 at 22:39 +0300, nix@...roxylists.com wrote:
>> >
>> > In July, hundreds of Chinese proxies on port 8909 started showing up
>> > every day on public proxy lists.  In August the daily numbers were in
>> > the thousands.
>> >
>> > Here is the list I collected during that period.  There are >135K
>> > proxies in this file (text, tab delimited, ~8 megs).
>> >
>> > http://www.mrhinkydink.com/utmods/135k.txt
>> >
>> > You may want to right-click and "save as".  This is offered as data
>> you
>> > may be able to use for forensic purposes or router block lists.  Most
>> of
>> > these proxies are currently offline.  When they are online, they're
>> very
>> > good proxies.
>> >
>> > I believe this is similar to the PPLiveVA issue with TCP port 9415
>> that
>> > I noted back in April.
>> >
>> > http://mrhinkydink.blogspot.com/2011/04/insecure-defaults-in-ppliveav-client.html
>> >
>> > New port 9415 proxies stopped showing up on proxy lists when 8909
>> began
>> > to take over, which leads me to believe this is the hot new media
>> client
>> > (either Youku or QQ) in Chinese-speaking countries.
>> >
>>
>> Thanks for the list, I will post working proxies out of that list as
>> soon
>> as NiX Proxy Checker has finished. It can beat 600k proxy in 24 hours so
>> this list has been checked in ~5.5 hours.
>>
>> I believe those proxies are new botnet proxies, just like port the U.S
>> port 27977 ones were.
>>
>> PS.
>>
>> HTTP Proxy: 113.254.87.30:8909 RDNS: 113.254.87.30 |NiX| AnonyLevel: 1
>> Country: HONG KONG [HK] State/Region: - City: HONG KONG SSL CONNECT: No
>> Delay: 3.18 seconds
>>
>> Nice post mrhinkydink ;)
>>
>>
>> > --Mr. Hinky Dink
>> >
>> > walk like a mannequin
>> > roll like a tyre
>> > act on reaction
>> > dodge the Big Spud Fryer
>> >
>> > http://mrhinkydink.blogspot.com
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > Full-Disclosure - We believe in it.
>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> > Hosted and sponsored by Secunia - http://secunia.com/
>> >
>>
>>
>
>
>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ