Conversation

Notices

1. Embed this notice
   ✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Saturday, 15-Nov-2025 08:34:54 JST ✧✦Catherine✦✧

   existing on the internet is interesting. you have days of relative silence, then 2000 requests in 10 seconds for no clear reason

   • Embed this notice
     ✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Saturday, 15-Nov-2025 08:38:53 JST ✧✦Catherine✦✧

     in reply to

     the logs show that every single one came looking for the bare IP and were rejected by the TLS termination before they had a chance to explain what resource they're here for

     so i've no idea why they do this. sure looks like an ineffective DoS attempt though

   • Embed this notice
     ✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Saturday, 15-Nov-2025 08:58:09 JST ✧✦Catherine✦✧

     in reply to

     • Mike P

     @FenTiger you'd need millions of attempts for those, not thousands, I think

   • Embed this notice
     Mike P (fentiger@mastodon.social)'s status on Saturday, 15-Nov-2025 08:58:10 JST Mike P

     in reply to

     @whitequark Side channel attack?

   • Embed this notice
     Mike P (fentiger@mastodon.social)'s status on Saturday, 15-Nov-2025 18:29:09 JST Mike P

     in reply to

     @whitequark I hope you're right.

   • Embed this notice
     ✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Tuesday, 18-Nov-2025 17:41:53 JST ✧✦Catherine✦✧

     in reply to

     • zer0 :verified:

     @zer0 i do not log IPs

   • Embed this notice
     zer0 :verified: (zer0@infosec.exchange)'s status on Tuesday, 18-Nov-2025 17:41:54 JST zer0 :verified:

     in reply to

     @whitequark export and sort -u the source IPs. Try scanning some of them maybe they have a similar (set of) ports exposed, similar OS or application version bound on the socket. May well be a (currently broken) botnet. :breadthink: