On Fri, 2013-08-16 at 19:31 +0200, Jann Horn wrote: > Let me google that for you. Hmm. Assigned to "Polipo Web proxy". So maybe > someone tried to connect to them through your exit node and they do proxyscans > on people who connect to them? > >
Sorry but I did not understand this. I had already said it was attempt on polipo. What exactly was so dumb in my phrasing that required you to rephrase it? > > Before the packet storm, > > Oooh, a storm! > > Ok, maybe it was just a light wind and my system is the most laughable one. > Maybe your disk is just broken? > > This may very well be the case. I'll recheck for badblocks. The disk is a few years old. > > > Your systems were impacted by a DoS attack with 30 packets per second? You > might > want to upgrade to hardware that is a few decades newer. > I answered this on the other reply. It is certainly weird. > > 74.63.255.118: 248 > > 216.245.193.201: 235 > > 208.115.232.205: 231 > > 74.63.255.119: 225 > > 216.245.193.200: 219 > [...] > > O=TCP SPT=2216 : 1 > > You were attacked by "O=TCP SPT=2216"? Cool story. I'm glad you flagged this. I made up some quick dirty code to parse log messages and though it seems to have worked fine on most lines, this one got wrong on the regex. Thank you. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
