| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Sep 2011 19:27:13 +0300 From: nix@...roxylists.com To: dink@...inkydink.com Cc: full-disclosure@...ts.grok.org.uk Subject: Re: China - the land of open proxies > > I'd be interested to know if you find more than 1% active in that list. > My timeout was 45 seconds, so you might do much better if you're > patient. But the live ones are usually pretty fast. > I forgot to post list yesterday after testing. |NiX| Checked 135440 proxies in 0 days 4 hours 11 minutes 57 seconds. Threads used: 125 Working proxies: 429 429 working out of 135k is not that bad from an old list. Here's the list: http://pastebin.com/sEuxdV8f You may want to recheck it since it's about 15 hours old. > The Taiwanese proxies aren't blocked like the ones on the mainland. They > are the best. > > I don't think it's a botnet, though. I think it's just stupid > programming. But, I don't have any hard evidence one way or the other. Neither do I but it's likely a botnet or bad progamming. I mean just like the port 27977 proxies, there were a ton of them and afterwards it proved to be botnet. > > BTW, I am a great fan of your work. I would appreciate a "Pro TIP" or > two on how you do it if you have the time. > What kind of tips you're looking for? How do I do it? Im hard worker and usually if I do something, I do it as good as I can or I don't do it all. That's my motto. > Thanks, > > Hinky > > On Thu, 2011-09-01 at 22:39 +0300, nix@...roxylists.com wrote: >> > >> > In July, hundreds of Chinese proxies on port 8909 started showing up >> > every day on public proxy lists. In August the daily numbers were in >> > the thousands. >> > >> > Here is the list I collected during that period. There are >135K >> > proxies in this file (text, tab delimited, ~8 megs). >> > >> > http://www.mrhinkydink.com/utmods/135k.txt >> > >> > You may want to right-click and "save as". This is offered as data >> you >> > may be able to use for forensic purposes or router block lists. Most >> of >> > these proxies are currently offline. When they are online, they're >> very >> > good proxies. >> > >> > I believe this is similar to the PPLiveVA issue with TCP port 9415 >> that >> > I noted back in April. >> > >> > http://mrhinkydink.blogspot.com/2011/04/insecure-defaults-in-ppliveav-client.html >> > >> > New port 9415 proxies stopped showing up on proxy lists when 8909 >> began >> > to take over, which leads me to believe this is the hot new media >> client >> > (either Youku or QQ) in Chinese-speaking countries. >> > >> >> Thanks for the list, I will post working proxies out of that list as >> soon >> as NiX Proxy Checker has finished. It can beat 600k proxy in 24 hours so >> this list has been checked in ~5.5 hours. >> >> I believe those proxies are new botnet proxies, just like port the U.S >> port 27977 ones were. >> >> PS. >> >> HTTP Proxy: 113.254.87.30:8909 RDNS: 113.254.87.30 |NiX| AnonyLevel: 1 >> Country: HONG KONG [HK] State/Region: - City: HONG KONG SSL CONNECT: No >> Delay: 3.18 seconds >> >> Nice post mrhinkydink ;) >> >> >> > --Mr. Hinky Dink >> > >> > walk like a mannequin >> > roll like a tyre >> > act on reaction >> > dodge the Big Spud Fryer >> > >> > http://mrhinkydink.blogspot.com >> > >> > >> > >> > >> > _______________________________________________ >> > Full-Disclosure - We believe in it. >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> > Hosted and sponsored by Secunia - http://secunia.com/ >> > >> >> > > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists