
Re: Who's behind limestonenetworks.com AKA DDoS on polipo(8123)


From: Luther Blissett <lblissett () paranoici org>
Date: Fri, 16 Aug 2013 14:58:41 -0300

On Fri, 2013-08-16 at 19:31 +0200, Jann Horn wrote:

> Let me google that for you. Hmm. Assigned to "Polipo Web proxy". So maybe
> someone tried to connect to them through your exit node and they do proxyscans
> on people who connect to them?



Sorry, but I did not understand this. I had already said it was an attempt
on polipo. What exactly was so dumb in my phrasing that required you to
rephrase it?

>> Before the packet storm,
>
> Oooh, a storm!


Ok, maybe it was just a light wind and my system is the most laughable
one.


> Maybe your disk is just broken?


This may very well be the case. I'll recheck for badblocks. The disk is
a few years old.


> Your systems were impacted by a DoS attack with 30 packets per second? You might
> want to upgrade to hardware that is a few decades newer.

I answered this on the other reply. It is certainly weird.

>> 74.63.255.118: 248
>> 216.245.193.201: 235
>> 208.115.232.205: 231
>> 74.63.255.119: 225
>> 216.245.193.200: 219
>> [...]
>> O=TCP SPT=2216 : 1
>
> You were attacked by "O=TCP SPT=2216"? Cool story.

I'm glad you flagged this. I made up some quick and dirty code to parse log
messages and, though it seems to have worked fine on most lines, this one
went wrong on the regex. Thank you.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
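The bogus "O=TCP SPT=2216" key in the per-source tally above is the classic failure of a loose regex over netfilter LOG lines: when the pattern does not pin itself to the SRC= field, a line that lacks one yields whatever fragment happens to match. The script below is an added example for this thread, not code posted by either participant; the log lines in it are constructed in the kernel LOG format (the thread does not show the author's actual lines or regex), and the function names are mine. It tokenizes each line into KEY=value fields, accepts a line only if its SRC value is a valid IP address, counts hits per source for a chosen destination port, and reports rejected lines separately instead of letting them pollute the tally.

```python
import re
import ipaddress
from collections import Counter

# Constructed sample lines in netfilter LOG format (not taken from the thread).
# Line 4 is an unrelated kernel message that still contains "PROTO=TCP SPT=2216";
# line 5 has an SRC value that is not an IP address.
SAMPLE_LOG = """\
Aug 16 13:01:02 host kernel: [123.4] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=2216 DPT=8123 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 16 13:01:02 host kernel: [123.5] IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=2217 DPT=8123 SYN URGP=0
Aug 16 13:01:03 host kernel: [123.6] IN=eth0 OUT= SRC=203.0.113.11 DST=198.51.100.5 LEN=40 PROTO=TCP SPT=40000 DPT=8123 RST URGP=0
Aug 16 13:01:03 host kernel: some unrelated kernel message PROTO=TCP SPT=2216
Aug 16 13:01:04 host kernel: [123.7] IN=eth0 OUT= SRC=not-an-ip DST=198.51.100.5 PROTO=TCP SPT=1 DPT=8123
"""

# One regex for every KEY=value token; flag words without '=' (DF, SYN, RST) are ignored.
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_netfilter_line(line):
    """Split a LOG line into a dict of fields.

    Returns None when the line has no SRC field or SRC is not an IP address,
    so callers never see a garbage key such as "O=TCP SPT=2216".
    """
    fields = dict(KV_RE.findall(line))
    src = fields.get("SRC")
    if not src:
        return None
    try:
        ipaddress.ip_address(src)
    except ValueError:
        return None
    return fields


def count_sources(text, dport=None):
    """Count hits per source IP, optionally restricted to one destination port.

    Returns (Counter of SRC -> hits, list of (line_no, line) that were rejected).
    """
    counts = Counter()
    rejected = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = parse_netfilter_line(line)
        if fields is None:
            rejected.append((line_no, line))
            continue
        if dport is not None and fields.get("DPT") != str(dport):
            continue
        counts[fields["SRC"]] += 1
    return counts, rejected


def top_sources(counts, n=5):
    """Render the tally in the same 'ip: hits' shape as the list quoted above."""
    return [f"{ip}: {hits}" for ip, hits in counts.most_common(n)]


if __name__ == "__main__":
    counts, rejected = count_sources(SAMPLE_LOG, dport=8123)
    for entry in top_sources(counts):
        print(entry)
    for line_no, line in rejected:
        print(f"rejected line {line_no}: {line[:60]}...")
```

Keeping the rejected lines visible is the point: a tally that silently absorbs malformed matches is what produced the odd entry in the thread, and a rejected-lines list makes the mismatch obvious at the first run.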
