It started the other day, about the 2nd of September: I began receiving Comment Spam hits. Hundreds of them. Just shy of a thousand hits a day. It's crazy... For those of you that don't know what a comment spam hit is, here's a traffic dump:
GET /2005/04/enterprise-will-take-its-longhorn.html HTTP/1.1
Accept: */*
Accept-Language: en-us
x-aaaaaaaaaaaa: 1
Referer: http://www.casino-bu.com/blackjack.html
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; N_o_k_i_a)
x-aaaaaaaaaa: 300000
UA-CPU: x86
Host: esler.is-a-geek.net
Connection: Keep-Alive
See the weird "x-aaaaaaaaa" headers and the user-agent string? See the referer? Some blackjack site? Welp, I don't know why they have suddenly followed me over here, but they have.
I'm considering doing one of several things.
A) Stopping the blog -- Shutting it off completely.
B) Changing the DNS name to something like esler.is-a-geek.org
C) I don't know.
In the meantime I have made some changes to the IDS.
A) A secret
B) Anytime a request is made with that user-agent string, a RST packet will be sent to the host. The communication will immediately cease. (Go Snort.. Go Snort...)
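Here is what a rule along the lines of option B looks like, written as an added example rather than the rule actually running on this blog's sensor. It assumes Snort 2.9-style syntax (the http_header modifier and the resp keyword), the standard $EXTERNAL_NET / $HOME_NET / $HTTP_PORTS variables, and a sensor built with active response enabled; the message text, classtype and sid are made up for the example.

```snort
# Added example, not the rule from the original post. Snort 2.9-style syntax assumed.
# Match the spam bot's distinctive User-Agent (the "N_o_k_i_a" token from the
# traffic dump above) in the normalized HTTP header buffer, then tear the TCP
# session down with a RST to both ends.
#
# resp:rst_all only fires when Snort is built with active response
# (--enable-active-response) and snort.conf has a "config response:" line
# naming the device to send on; otherwise the rule just alerts, which is
# still useful for counting how many hits a day the bot is generating.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( \
    msg:"LOCAL comment spam bot - N_o_k_i_a User-Agent"; \
    flow:to_server,established; \
    content:"User-Agent|3A| "; http_header; nocase; \
    content:"N_o_k_i_a"; http_header; distance:0; \
    resp:rst_all; \
    classtype:misc-activity; sid:1000001; rev:1; )
```

Anchoring the second content match with distance:0 after the "User-Agent: " string keeps the rule from tripping on the same token appearing in some other header; matching the UA rather than the "x-aaaaaaaa" header keeps it robust if the bot changes the padding length. Watch the alert count after loading it: a legitimate client spoofing that exact UA would also get reset.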
Joel Esler, Sourcefire, Snort, Immunet, ClamAV, Apple, and Network Security. This is my blog.