Message-ID: <1376675921.29783.38.camel@tagesuhu-pc>
Date: Fri, 16 Aug 2013 14:58:41 -0300
From: Luther Blissett <lblissett@...anoici.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Who's behind limestonenetworks.com AKA DDoS on polipo(8123)
On Fri, 2013-08-16 at 19:31 +0200, Jann Horn wrote:
> Let me google that for you. Hmm. Assigned to "Polipo Web proxy". So maybe
> someone tried to connect to them through your exit node and they do proxyscans
> on people who connect to them?
>
>
Sorry, but I did not understand this. I had already said it was an attempt
on polipo. What exactly was so dumb in my phrasing that required you to
rephrase it?
> > Before the packet storm,
>
> Oooh, a storm!
>
>
Ok, maybe it was just a light wind and my system is the most laughable
one.
> Maybe your disk is just broken?
>
>
This may very well be the case. I'll recheck for badblocks. The disk is
a few years old.
> >
> Your systems were impacted by a DoS attack with 30 packets per second? You might
> want to upgrade to hardware that is a few decades newer.
>
I answered this on the other reply. It is certainly weird.
> > 74.63.255.118: 248
> > 216.245.193.201: 235
> > 208.115.232.205: 231
> > 74.63.255.119: 225
> > 216.245.193.200: 219
> [...]
> > O=TCP SPT=2216 : 1
>
> You were attacked by "O=TCP SPT=2216"? Cool story.
I'm glad you flagged this. I made up some quick, dirty code to parse log
messages and though it seems to have worked fine on most lines, this one
went wrong on the regex. Thank you.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/