Date: Fri, 16 Aug 2013 14:58:41 -0300
From: Luther Blissett <>
Subject: Re: Who's behind AKA DDoS
 on polipo(8123)

On Fri, 2013-08-16 at 19:31 +0200, Jann Horn wrote:

> Let me google that for you. Hmm. Assigned to "Polipo Web proxy". So maybe
> someone tried to connect to them through your exit node and they do proxyscans
> on people who connect to them?

Sorry, but I did not understand this. I had already said it was an attempt
on polipo. What exactly was so dumb in my phrasing that required you to
rephrase it?

> > Before the packet storm,
> Oooh, a storm!
Ok, maybe it was just a light wind and my system is the most laughable

> Maybe your disk is just broken?
This may very well be the case. I'll recheck for badblocks. The disk is
a few years old.

> >
> Your systems were impacted by a DoS attack with 30 packets per second? You might
> want to upgrade to hardware that is a few decades newer.
I answered this on the other reply. It is certainly weird.

> > 248 
> > 235 
> > 231 
> > 225 
> > 219
> [...]
> > O=TCP SPT=2216 : 1 
> You were attacked by "O=TCP SPT=2216"? Cool story.

I'm glad you flagged this. I made up some quick and dirty code to parse log
messages and, though it seems to have worked fine on most lines, this one
went wrong on the regex. Thank you.

Full-Disclosure - We believe in it.