Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Possible proxy scan for proactive countermeasures?
From: Rob <spamproof () nospammail net>
Date: Thu, 19 May 2005 12:48:33 -0700

the rxmr wrote:
Even though Slashdot is often joked about on the lists, I was
wondering if anyone has been experiencing similar scans from their IP
address and if so has anyone confirmed it to be them or is the source
address being spoofed?

The scans are directed at proxy services and Slashdot has recently
been getting crapflooded with anonymous posts made through open
proxies and is rumored to be banning the IP's of those proxies. Here
is an example:


Therefore it seems reasonable that the source of the scans is actually
Slashdot.  If they are scanning me for open proxies, then are they
scanning everyone else who visits their site today?  I gave up trying
to get any response via email from Slashdot years ago so I am not
going to contact them.

This is the recent output of my logfile (my IP is xx'd out):

They scan everyone, it has been going on for a long time, not just recently.
I don't remember if it is when you attempt to post comments or even just when you attempt to read stories.

The recent crapflood might be people attempting to get TOR endpoints/egresspoints banned, just a guess - since if those address from which the comments were posted were actually open proxies then /. already has the technology to block them. So I think the posters are maybe not being completely truthful about how and from where they are posting (otherwise they wouldn't need to try to induce people to mod their posts).
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]