[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: another BADEXIT found $8424E8653469B1EFF87E79E8599933A3BAF8FDB2
On Mon, 9 Feb 2009 10:15:32 -0500 phobos@xxxxxxxxxx wrote:
>On Mon, Feb 09, 2009 at 09:07:15AM -0600, bennett@xxxxxxxxxx wrote 1.4K bytes in 26 lines about:
>: An unnamed exit with fingerprint $8424E8653469B1EFF87E79E8599933A3BAF8FDB2
>: is redirecting HTTP port 80 to
>
>Ah, 'apple'. Again they try this exact same tactic. Silly people.
>
Yes, but unfortunately that relay ranks fairly high in terms of data
rates, so it attracts a lot of traffic. :-( I see that the fingerprint has
changed since the first time I added it to my ExcludeNodes list. I notice
also that both kangnam.megapass.net (121.138.6.100) and the IP address that
appears in the bogus part of the substituted URL are in South Korea, which
is one of the worst cesspools of crackers, massmailers, and other undesirable
types that plague the Internet.
I hope that work is still progressing on automated detection and flagging
of BADEXITs.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************