lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 16 Aug 2013 14:58:41 -0300
From: Luther Blissett <lblissett@...anoici.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Who's behind limestonenetworks.com AKA DDoS
 on polipo(8123)

On Fri, 2013-08-16 at 19:31 +0200, Jann Horn wrote:

> Let me google that for you. Hmm. Assigned to "Polipo Web proxy". So maybe
> someone tried to connect to them through your exit node and they do proxyscans
> on people who connect to them?
> 
> 

Sorry but I did not understand this. I had already said it was attempt
on polipo. What exactly was so dumb in my phrasing that required you to
rephrase it?

> > Before the packet storm,
> 
> Oooh, a storm!
> 
> 
Ok, maybe it was just a light wind and my system is the most laughable
one.


> Maybe your disk is just broken?
> 
> 
This may very well be the case. I'll recheck for badblocks. The disk is
a few years old.

> >
> Your systems were impacted by a DoS attack with 30 packets per second? You might
> want to upgrade to hardware that is a few decades newer.
> 
I answered this on the other reply. It is certainly weird.

> > 74.63.255.118: 248 
> > 216.245.193.201: 235 
> > 208.115.232.205: 231 
> > 74.63.255.119: 225 
> > 216.245.193.200: 219
> [...]
> > O=TCP SPT=2216 : 1 
> 
> You were attacked by "O=TCP SPT=2216"? Cool story.

I'm glad you flagged this. I made up some quick dirty code to parse log
messages and though it seems to have worked fine on most lines, this one
got wrong on the regex. Thank you.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists