October 2009 Archives

I attended this months OWASP Melbourne meeting. It's been a while since I attended one and the talks this month were too good to miss.

Matthew Hackling - Australian Prudential Practice Guide 234
I missed the start of this thanks to my reading comprehension which saw me waste $4 on parking at Deloitte's old offices in QV. I'll be following the development on this closely.

The second presentation was
Richard Farrell - Static Source Code Analysis - What, why, when and how?
Although the world of static analysis hasn't had any earth shattering break throughs lately it was very good to see how the enterprise solution integrate and work. I wish I'd had more time to stay around and play, perhaps another time,

I have no idea why I didn't hear about this until I heard about the Ethical Hackers SSHliders challenge.

Unlike your average run of the mill challenges where you visit some third party server or website and exploit your way through some (usually) fake or not credible binaries or website. In this challenge you download and execute a virtual machine image and you have to overcome a local hindrance to gain entrance to the game. The round is unfortunately over, but you can still complete the challenge. I have been far to busy to get started yet, but I hope to complete as much as I can before round 2 starts.

Since it's coming from sans I expect there is a decent variety of difficulty and types of challenges as they have some very good brain to draw on for ideas.

Take the challenge now at http://www.sans.org/netwars/

The Ethical Hacker guys have recently released a new challenge called sshliders
To compete, head over to http://www.ethicalhacker.net/content/view/279/2/ read the details, work out some answers and submit your entry.

There will be three winners:

• Best technical answer
• Most creative entry that is also technically correct,
  
• Random draw. 

Even if you don't know all the answers or can only guess, submit an entry with what you do have, and you'll be entered in that random draw. Winners will receive signed copies of the book, Counter Hack Reloaded. All entries are due by November 23, 2009

I've always had to deal with it, and I don't find MT's spam modules to very helpful in easing the pain of managing trackback spam. So I thought it might just be worth blocking some IPs. I did a little grep and without any further ado I present the numbers taken from 6 months worth of apache logs;

root@localhost# zgrep tb.cgi access.log* | awk '{print $1}' | sort | uniq -c | sort -n -r |head -25
   3390 74.86.238.186
    471 206.51.226.198
    451 208.53.130.221
    435 64.34.172.35
    329 66.96.208.53
    318 67.159.44.159
    299 65.60.37.195
    257 76.73.1.50
    248 208.85.242.212
    188 208.53.137.178
    169 72.167.36.70
    161 208.43.255.125
    148 212.227.114.150
    140 65.18.193.119
    139 74.63.64.94
    138 69.65.58.166
    137 66.197.167.120
    136 208.109.171.65
    129 74.86.60.98
    128 66.45.240.66
    120 64.59.71.191
    113 67.159.44.63
     99 64.202.163.76
     98 85.17.145.7
     93 64.191.50.30

Sometimes I wish I could easily group by CIDR on the CLI

Most of the comment spam I receive on this blog was coming from within two IP ranges, both belonging to;
aut-num: AS44557
as-name: DRAGONARA
descr: Dragonara Alliance Ltd
import: from AS13030 action pref=100; accept ANY
export: to AS13030 announce AS44557
admin-c: AGAV2-RIPE
tech-c: AGAV2-RIPE
notify: tech@dragonara.net
mnt-by: DRAGONARA-MNT
mnt-routes: DRAGONARA-MNT
changed: hostmaster@ripe.net 20080205
source: RIPE

I have blocked them in my firewall and would recommend you do the same.