Re: [Full-disclosure] Who's behind limestonenetworks.com AKA DDoS on polipo(8123)
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Who's behind limestonenetworks.com AKA DDoS on polipo(8123)
- From: Luther Blissett <lblissett@xxxxxxxxxxxxx>
- Date: Fri, 16 Aug 2013 14:58:41 -0300
On Fri, 2013-08-16 at 19:31 +0200, Jann Horn wrote:
> Let me google that for you. Hmm. Assigned to "Polipo Web proxy". So maybe
> someone tried to connect to them through your exit node and they do proxyscans
> on people who connect to them?
>
>
Sorry, but I did not understand this. I had already said it was an attempt
on polipo. What exactly was so dumb in my phrasing that required you to
rephrase it?
> > Before the packet storm,
>
> Oooh, a storm!
>
>
Ok, maybe it was just a light wind and my system is the most laughable
one.
> Maybe your disk is just broken?
>
>
This may very well be the case. I'll recheck for badblocks. The disk is
a few years old.
> >
> Your systems were impacted by a DoS attack with 30 packets per second? You
> might want to upgrade to hardware that is a few decades newer.
>
I answered this on the other reply. It is certainly weird.
> > 74.63.255.118: 248
> > 216.245.193.201: 235
> > 208.115.232.205: 231
> > 74.63.255.119: 225
> > 216.245.193.200: 219
> [...]
> > O=TCP SPT=2216 : 1
>
> You were attacked by "O=TCP SPT=2216"? Cool story.
I'm glad you flagged this. I made up some quick and dirty code to parse log
messages, and though it seems to have worked fine on most lines, this one
went wrong on the regex. Thank you.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/