Announcement

Collapse
No announcement yet.

Under random ssl attack

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • beakmyn
    replied
    Re: Under random ssl attack

    Originally posted by streaker69 View Post
    Yes, but you'll also have to give the clarifier a +5khz slide.

    Careful though, there's a smokey in a plain brown wrapper over near 12.120.180.8.
    Oh, you just shit on solemn ground right there. Don't ever call a HAM a CB whacker. Dems fighting words.

    Leave a comment:

  • streaker69
    replied
    Re: Under random ssl attack

    Originally posted by beakmyn View Post
    Are you saying we should switch to the upper sideband?

    That explains why it's been so difficult to access the site lately, though.
    Yes, but you'll also have to give the clarifier a +5khz slide.

    Careful though, there's a smokey in a plain brown wrapper over near 12.120.180.8.

    Leave a comment:

  • beakmyn
    replied
    Re: Under random ssl attack

    Originally posted by charliex View Post
    I really wish I'd taken that HAM radio exam at defcon last year now.
    Are you saying we should switch to the upper sideband?

    That explains why it's been so difficult to access the site lately, though.

    Leave a comment:

  • charliex
    replied
    Re: Under random ssl attack

    I really wish I'd taken that HAM radio exam at defcon last year now.

    Leave a comment:

  • noid
    replied
    Re: Under random ssl attack

    I say we turn the Internet off. That will stop these attacks.

    Leave a comment:

  • streaker69
    replied
    Re: Under random ssl attack

    Originally posted by Dark Tangent View Post
    Very interesting. Will be working on a way to mitigate it.
    Nuke it from Orbit, after all, it's the only way to be sure.

    Leave a comment:

  • The Dark Tangent
    started a topic Under random ssl attack

    Under random ssl attack

    I noticed this the other day in the firewall logs:

    attackip: 59.103.215.235
    reason: The SSL session failed. This may be a configuration error, or it may be an attempt to subvert the protocol. Connection closed.
    information: SSL_accept
    SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers specified

    There were a lot of them.. like hundreds of thousands. Over three hundred thousand in the last day.

    Then I read this on slashdot:

    angry tapir writes "More than 300 Web sites are being pestered by infected computers that are part of the Pushdo botnet. The FBI, Twitter, and PayPal are among the sites being hit, although it doesn't appear the attacks are designed to knock the sites offline. Pusho appears to have been recently updated to cause computers infected with it to make SSL connections to various Web sites — the bots start to create an SSL connection, disconnect, and then repeat."

    SecureWorks's Joe Stewart theorizes that this behavior is designed to obscure Pushdo's command and control in a flurry of bogus SSL traffic.
    Very interesting. Will be working on a way to mitigate it. Bumped up defense sensitivity, I apologize if you accidentally get temporarily blocked.

    Oh aren't we lucky!

    http://www.shadowserver.org/wiki/upl...shdo_sites.txt
    Last edited by The Dark Tangent; February 1, 2010, 20:19.
    Tags: attack, botnet, pusho, ssl
Previous template Next
Working...
X