Even though Slashdot is often joked about on the lists, I was wondering if anyone has been experiencing similar scans from their IP address and if so has anyone confirmed it to be them or is the source address being spoofed?
The scans are directed at proxy services and Slashdot has recently been getting crapflooded with anonymous posts made through open proxies and is rumored to be banning the IP's of those proxies. Here is an example:
http://slashdot.org/comments.pl?sid=150000&threshold=1&commentsort=0&tid=172&mode=thread&cid=12572018
Therefore it seems reasonable that the source of the scans is actually Slashdot. If they are scanning me for open proxies, then are they scanning everyone else who visits their site today? I gave up trying to get any response via email from Slashdot years ago so I am not going to contact them.
This is the recent output of my logfile (my IP is xx'd out):
They scan everyone, it has been going on for a long time, not just recently. I don't remember if it is when you attempt to post comments or even just when you attempt to read stories.
The recent crapflood might be people attempting to get TOR endpoints/egresspoints banned, just a guess - since if those address from which the comments were posted were actually open proxies then /. already has the technology to block them. So I think the posters are maybe not being completely truthful about how and from where they are posting (otherwise they wouldn't need to try to induce people to mod their posts).
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
