It started the other day, about the 2nd of September: I started receiving Comment Spam hits. Hundreds of them. Just shy of a thousand hits a day. It's crazy... For those of you that don't know what a comment spam hit is, here's a traffic dump:
GET /2005/04/enterprise-will-take-its-longhorn.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; N_o_k_i_a)
See the weird "x-aaaaaaaaa" user-agent string? See the referer? Some blackjack site? Welp, I don't know why they have suddenly followed me over here, but they have.
I'm considering doing one of several things.
A) Stopping the blog -- Shutting it off completely.
B) Changing the DNS name to something like esler.is-a-geek.org
C) I don't know.
In the meantime I have made some changes to the IDS.
A) A secret
B) Anytime a request is made with that user-agent string, a RST packet will be sent to the host. The communication will immediately cease. (Go Snort.. Go Snort...)
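A rule of the kind described in B could look like the following. This is an added example, not the author's actual rule: it assumes Snort 2.9.x built with active response, the usual $HTTP_SERVERS and $HTTP_PORTS variables, the "N_o_k_i_a" token from the dump above as the marker, and a placeholder local sid.

```snort
# Added example, not the author's rule.
# Assumptions: Snort 2.9.x with active response (resp keyword) enabled,
# $EXTERNAL_NET / $HTTP_SERVERS / $HTTP_PORTS defined in snort.conf.
# "N_o_k_i_a" is the token visible in the User-Agent header of the dump
# above; treating it as the spam marker is an assumption.
# sid 1000001 is a placeholder from the local-rule range.
#
# content: cheap literal match in the HTTP headers.
# pcre:    confirms the token sits on the User-Agent line itself, so the
#          same text in a Referer or Cookie header does not trigger.
# resp:    rst_snd sends a TCP RST to the host that sent the request.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS ( \
    msg:"LOCAL comment spam User-Agent marker"; \
    flow:to_server,established; \
    content:"N_o_k_i_a"; http_header; \
    pcre:"/^User-Agent\x3a[^\r\n]*N_o_k_i_a/Hm"; \
    resp:rst_snd; \
    classtype:policy-violation; \
    sid:1000001; rev:1;)
```

On a passive sensor the injected RST races the web server's reply, so some requests can still complete. The User-Agent is also fully client-controlled, so the rule only holds until the sender changes the string.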