evcz.tk » Uncategorized

È successo: fastweb + ip bogon (5.0.0.0/8) = EPIC FAIL

EvolutionCrazy — Fri, 18 May 2012 00:24:18 +0000

http://www.hostingtalk.it/forum/server-dedicati-colocation-connettivita-e-scelta-data-center/25527-hetzner-fastweb.html

http://www.webhostingtalk.com/showthread.php?p=8130717#post8130717

AHAHAHAHAH

EDIT: per una spiegazione più completa:
http://blog.grg-web.eu/2012/05/rfc-ignorate-la-fine-del-mondo-inizia-con-fastweb/

Chargen (UDP port 19) – Reflected ddos

EvolutionCrazy — Sun, 06 May 2012 12:32:27 +0000

Lately I’m seeing chargen service being abused a lot to execute distributed denial of service attacks.
It’s not just “standard ddos”… it’s a reflected ddos with a massive aplification rate!!!
(Amplification rate can be as high as 512x… that means with that just a 100mbit pipe a malicius attacker could easely accomplish a 10gbit+ ddos!)

What is chargen?

From wikipedia:
<<In the UDP implementation of the protocol, the server sends a UDP datagram containing a random number (between 0 and 512) of characters every time it receives a datagram from the connecting host.>>

Apparently there’s absolutely no handshake at all with chargen… only the TCP version (obviously) requires handshake…

How are hosts running chargen (UDP) used as botnets?

To execute the attack people are sending spoofed UDP packets with a forged source IP address to hundreds of hosts running chargen (and there are many of them!).
These hosts just reply to the apparent source of such packet as they are intendend to do… the problem is that they are replying to the forged IP address… that host has never requested something to them!

Is my machine vulnerable?

To test if your machine could be exploited just run:
echo t | nc -u X.X.X.X 19

replace X.X.X.X with an IP running chargen… If you got a reply you just found a host that can be used as part of a ddos botnet…

How can I make my machine secure?

details on how to disable chargen service:
http://shalb.com/kb/entry/10043/
(on that link they refer to another weak point of chargen: looks like it can also be used to let machines running chargen attack each-other…)

if you are running chargen on one of your hosts: CLOSE THAT FUCKING PORT (IN UDP 19)!
if you are a carrier/ISP that allows spoofed traffic to leave your network: HOPE YOU GET BANKRUPT AND CLOSE YOUR FUCKING DOORS FOR GOOD!

ktnxbye

Google Calendar – how to fix missing holidays calendar

EvolutionCrazy — Tue, 24 Apr 2012 22:07:56 +0000

I was missing the holidays calendar into a specific google calendar account…

in order to add it back again this is the calendar address:

it.italian#holiday@group.v.calendar.google.com

just add it as it was a new calendar you want to link

another special calendar you might want to add is:

#contacts@group.v.calendar.google.com

My old projects

EvolutionCrazy — Thu, 11 Jun 2009 20:20:17 +0000

As I’m going to close down “evcz.altervista.org”, will archive here something from my past…

phpipblocker (last version 0.99j)
phpipblocker archive

php2dns (last version 0.91beta)
php2dns archive