Ganbold,
You're welcome.
J
On Sun, 20 Apr 2008 21:26:07 -0400 Ganbold <[EMAIL PROTECTED]>
wrote:
>Thanks a lot to everyone who has replied to me.
>Basically 64.40.117.19 is a foreign IP, and connections from all over
>the world means
>I've seen accesses from various different IPs to 64.40.117.119.
>Before clien
Thanks a lot to everyone who has replied to me.
Basically 64.40.117.19 is a foreign IP, and connections from all over the
world means
I've seen accesses from various different IPs to 64.40.117.119.
Before, the client's connection was without a firewall.
I put in a firewall and also notified the client's admin, and now it seems like
Hi,
We are experiencing the same issues here. Most IPs originate from
Romania on our side.
Ganbold wrote:
> Hi,
>
> Recently I have seen a lot of connections to 64.40.117.19 port 80 in
> one of our clients' networks.
> Connections are coming from all over the Internet (various different
> IP
>
> This certainly would clear things up, but how do you propose that
> can be done?
>
If the IP is a client's then it really shouldn't be that difficult. Unless
you're asking how to actually perform this on a system you have access to?
From Guido's post though it looks like this may be the wro
http://spywaredetector.net/spyware_encyclopedia/Trojan.Graball.htm
"the following internet connection was established:
64.40.117.19:80(hostwaydcs.com)"
Ganbold wrote:
> Hi,
>
> Recently I have seen a lot of connections to 64.40.117.19 port 80 in
> one of our clients' networks.
> Connections a
Dear Midget,
On Fri, 18 Apr 2008 13:20:18 -0400 mcwidget <[EMAIL PROTECTED]>
wrote:
>I think what he's saying is that the IP address listed belongs to
>one of his
>clients and they are receiving connections to port 80 on that IP
>from all
>over the internet; and asking why this would be happen
>
> I would assume the first sentence means you are seeing outgoing
> connections, from your client's site, destined for the IP/port above. So
> then, the second sentence makes even less sense, connections coming into
> your network from all over the Internet, but 'specifically to this IP'?
>
I didn't see any claims being made, just a question, albeit maybe
rhetorical.
Either way, who gives a shit. Back to the OP-
*Recently I have seen a lot of connections to 64.40.117.19 port 80 in
one of our clients' networks.
Connections are coming from all over the Internet (various different
IPs)
http://en.wikipedia.org/wiki/Ad_hominem
Unless you have some evidence such as the evidence Dr. Neal Krawetz
was able to provide re: GOBBLES and n3td3v, this claim is
irresponsible and I urge the other members of the list to ignore it.
J
On Fri, 18 Apr 2008 11:38:44 -0400 [EMAIL PROTECTED] wrot
Nice try, you won't find me clicking JPEGs on a computer security
mailing list LOLOL.
J
On Fri, 18 Apr 2008 11:40:00 -0400 php0t <[EMAIL PROTECTED]> wrote:
>>>Connections are coming from all over the Internet (various
>>>different IPs) specifically to this IP.
>
>> This sounds like a textbook c
Connections are coming from all over the Internet (various
different IPs) specifically to this IP.
This sounds like a textbook case of Cross Site Scripting (XSS).
[see attachment]
Full-Disclosure - We believe in it.
Charter: http://lists.grok
lol. Are you related to n3td3v?
>
>
> On Fri, 18 Apr 2008 11:30:19 -0400 [EMAIL PROTECTED] wrote:
>>
>>Sorry to answer for Valdis, but here...
>>
>>https://dmcdonald.net/iframe.html if I were a *VERY* popular site,
>>that
>>would ddos google. Although including some kind of search request
>>would
>
On Fri, 18 Apr 2008 11:30:19 -0400 [EMAIL PROTECTED] wrote:
>
>Sorry to answer for Valdis, but here...
>
>https://dmcdonald.net/iframe.html if I were a *VERY* popular site,
>that
>would ddos google. Although including some kind of search request
>would
>make it a little better, and realistically i
> Where is the proof of this iframe injection that you claim? I doubt
> such a technique even exists.
Sorry to answer for Valdis, but here...
https://dmcdonald.net/iframe.html if I were a *VERY* popular site, that
would ddos google. Although including some kind of search request would
make it a l
Valdis,
On Fri, 18 Apr 2008 11:11:41 -0400 [EMAIL PROTECTED] wrote:
>Yes, but although we have evidence that a DDoS of some sort is
>underway,
>we have *ZERO*, *ZIP*, *ZILCH*, *GOOSE-EGG* indication that an
>XSS was
>involved. For all you know, it was an iframe injection into
>clients that
>
News,
On Fri, 18 Apr 2008 11:11:53 -0400 [EMAIL PROTECTED] wrote:
>Eh? The closest thing I can think of to what you're saying is if
>the cause
>of a DDOS was stored XSS on a popular site(s) being used to get users'
>browsers to request information from 64.40.117.19. The XSS would
>be done
>else wher
On Fri, 18 Apr 2008 11:01:26 EDT, Joey Mengele said:
> I believe you are missing something. XSS is merely a type of
> vulnerability. It is very common for an XSS payload to include a
> DDoS component. If you had done your research before retorting you
> would have known this.
Yes, but although
J,
Eh? The closest thing I can think of to what you're saying is if the cause
of a DDOS was stored XSS on a popular site(s) being used to get users'
browsers to request information from 64.40.117.19. The XSS would be done
elsewhere, and the DDOS attack itself would contain no 'payload'.
In which cas
News,
I believe you are missing something. XSS is merely a type of
vulnerability. It is very common for an XSS payload to include a
DDoS component. If you had done your research before retorting you
would have known this.
J
On Fri, 18 Apr 2008 10:25:38 -0400 [EMAIL PROTECTED] wrote:
>Joey,
>
Joey,
A textbook case? Perhaps I'm missing something, but I see nothing in
Ganbold's email which makes me consider XSS. XSS is often a small amount of
traffic, with HTML and JavaScript in POST request content or GET request
query strings.
Ganbold,
In my opinion, it's more likely it's one of the fol
> Recently I have seen a lot of connections to 64.40.117.19 port 80 in
> one of our clients' networks.
>
could be a lot of things .. do you have tcpdump? .. a packet trace would
make your attempt at collective troubleshooting a *lot* easier .. but
DDOS is an easy "malicious" guess. Non-malic
Ganbold,
This sounds like a textbook case of Cross Site Scripting (XSS).
Consider filtering user output more carefully.
J
On Fri, 18 Apr 2008 03:54:24 -0400 Ganbold <[EMAIL PROTECTED]>
wrote:
>Hi,
>
>Recently I have seen a lot of connections to 64.40.117.19 port 80
>in
>one of our clients n
Hi,
Recently I have seen a lot of connections to 64.40.117.19 port 80 in
one of our clients' networks.
Connections are coming from all over the Internet (various different
IPs) specifically to this IP.
Due to this problem (I guess it is DDoS) one of our routers' CPU usage
grew to 100% and sto