I set a server up for my friends to share the C73 techno. The next day some script kiddie was trying to hack in with brute force. He tried steadily longer passwords.

(000093) 2/27/2008 6:39:26 AM - (not logged in) (211.72.249.252)> PASS ******
(000093) 2/27/2008 6:39:26 AM - (not logged in) (211.72.249.252)> 530 Login or password incorrect!
(000093) 2/27/2008 6:39:45 AM - (not logged in) (211.72.249.252)> PASS ******
(000093) 2/27/2008 6:39:45 AM - (not logged in) (211.72.249.252)> 530 Login or password incorrect!
(000093) 2/27/2008 6:40:07 AM - (not logged in) (211.72.249.252)> 421 Login time exceeded. Closing control connection.
(000093) 2/27/2008 6:40:07 AM - (not logged in) (211.72.249.252)> disconnected.
(000094) 2/27/2008 6:40:07 AM - (not logged in) (211.72.249.252)> Connected, sending welcome message…
(000094) 2/27/2008 6:40:07 AM - (not logged in) (211.72.249.252)> 220-FileZilla Server version 0.9.24 beta
(000094) 2/27/2008 6:40:07 AM - (not logged in) (211.72.249.252)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000094) 2/27/2008 6:40:07 AM - (not logged in) (211.72.249.252)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000094) 2/27/2008 6:40:13 AM - (not logged in) (211.72.249.252)> USER Administrator
(000094) 2/27/2008 6:40:13 AM - (not logged in) (211.72.249.252)> 331 Password required for administrator
(000094) 2/27/2008 6:40:19 AM - (not logged in) (211.72.249.252)> USER Administrator
(000094) 2/27/2008 6:40:19 AM - (not logged in) (211.72.249.252)> 331 Password required for administrator
(000094) 2/27/2008 6:40:27 AM - (not logged in) (211.72.249.252)> USER Administrator
(000094) 2/27/2008 6:40:27 AM - (not logged in) (211.72.249.252)> 331 Password required for administrator
(000094) 2/27/2008 6:40:35 AM - (not logged in) (211.72.249.252)> PASS *******
(000094) 2/27/2008 6:40:35 AM - (not logged in) (211.72.249.252)> 530 Login or password incorrect!
(000094) 2/27/2008 6:40:59 AM - (not logged in) (211.72.249.252)> PASS *******
(000094) 2/27/2008 6:40:59 AM - (not logged in) (211.72.249.252)> 530 Login or password incorrect!
(000094) 2/27/2008 6:41:08 AM - (not logged in) (211.72.249.252)> 421 Login time exceeded. Closing control connection.
(000094) 2/27/2008 6:41:08 AM - (not logged in) (211.72.249.252)> disconnected.
(000095) 2/27/2008 6:41:08 AM - (not logged in) (211.72.249.252)> Connected, sending welcome message…
(000095) 2/27/2008 6:41:08 AM - (not logged in) (211.72.249.252)> 220-FileZilla Server version 0.9.24 beta
(000095) 2/27/2008 6:41:08 AM - (not logged in) (211.72.249.252)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000095) 2/27/2008 6:41:08 AM - (not logged in) (211.72.249.252)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000095) 2/27/2008 6:41:14 AM - (not logged in) (211.72.249.252)> USER Administrator
(000095) 2/27/2008 6:41:14 AM - (not logged in) (211.72.249.252)> 331 Password required for administrator
(000095) 2/27/2008 6:41:20 AM - (not logged in) (211.72.249.252)> USER Administrator
(000095) 2/27/2008 6:41:20 AM - (not logged in) (211.72.249.252)> 331 Password required for administrator
(000095) 2/27/2008 6:41:28 AM - (not logged in) (211.72.249.252)> USER Administrator
(000095) 2/27/2008 6:41:28 AM - (not logged in) (211.72.249.252)> 331 Password required for administrator
(000095) 2/27/2008 6:41:36 AM - (not logged in) (211.72.249.252)> PASS ******
(000095) 2/27/2008 6:41:36 AM - (not logged in) (211.72.249.252)> 530 Login or password incorrect!
(000095) 2/27/2008 6:41:59 AM - (not logged in) (211.72.249.252)> PASS ******
(000095) 2/27/2008 6:41:59 AM - (not logged in) (211.72.249.252)> 530 Login or password incorrect!
(000095) 2/27/2008 6:42:09 AM - (not logged in) (211.72.249.252)> 421 Login time exceeded. Closing control connection.
(000095) 2/27/2008 6:42:09 AM - (not logged in) (211.72.249.252)> disconnected.

I spent the better half of an hour thinking of something extremely poisonous to put in the FTP’s welcome message. By the time I had found a suitable line to put that wouldn’t be truncated, I figured out I could just slap a 24-hour ban on his ass. So I did. But I was still late for class…
Then later on I played Utawarerumono and got really hooked… but that’s a different story.
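
As an added example (not part of the original post, and not FileZilla's own code): in the log above the server drops each connection after two wrong passwords ("421 Login time exceeded"), and the client simply reconnects under a new session number, so failed logins have to be counted per source address across sessions. The function names, the threshold of 3 failures in 5 minutes, and the 192.0.2.10 client are assumptions made for this sketch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Layout seen in the post's log: (session) date time - (user) (ip)> message
LINE_RE = re.compile(
    r"^\((?P<session>\d+)\) (?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) - "
    r"(?P<user>.+?) \((?P<ip>[\d.]+)\)> (?P<msg>.*)$"
)

# Four 530 lines and one 421 line copied from the post, plus one constructed
# line for a client (192.0.2.10) that mistypes its password once.
SAMPLE_LOG = """\
(000093) 2/27/2008 6:39:26 AM - (not logged in) (211.72.249.252)> 530 Login or password incorrect!
(000093) 2/27/2008 6:39:45 AM - (not logged in) (211.72.249.252)> 530 Login or password incorrect!
(000093) 2/27/2008 6:40:07 AM - (not logged in) (211.72.249.252)> 421 Login time exceeded. Closing control connection.
(000094) 2/27/2008 6:40:35 AM - (not logged in) (211.72.249.252)> 530 Login or password incorrect!
(000094) 2/27/2008 6:40:59 AM - (not logged in) (211.72.249.252)> 530 Login or password incorrect!
(000101) 2/27/2008 6:45:02 AM - (not logged in) (192.0.2.10)> 530 Login or password incorrect!
""".splitlines()

def parse_line(line):
    """Return (timestamp, ip, message), or None for lines in another layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
    return ts, m["ip"], m["msg"]

# max_failures and window are assumed defaults; tune them for your server.
def find_bruteforce(lines, max_failures=3, window=timedelta(minutes=5)):
    """Map each IP to the time it reached max_failures 530 replies within
    window. Lines are expected in chronological order, as the server writes them."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failed logins
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or not parsed[2].startswith("530 "):
            continue
        ts, ip, _ = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        # Keyed on IP, not session id: every reconnect gets a new session id.
        if len(q) >= max_failures and ip not in flagged:
            flagged[ip] = ts
    return flagged
```

Calling `find_bruteforce(SAMPLE_LOG)` flags only 211.72.249.252, at the third failure, which arrives in session 000094 after the first session was already closed.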

5 Responses to “Script Kid made me late to class.”

  1. Actually, it is not a kid. This host (211.72.249.252) has also been attacking my FTP server for 3 hours now; I googled it and found your site! It’s probably a hacked zombie box, used to scan large networks. Block his ass :-)

  2. Ah, thanks for the tip man!

  3. Wow. Not thinking that googling the IP would actually turn anything up, I find this page. That same IP (211.72.249.252) was also attacking an FTP server for one of my customers. They tried tons of usernames over the course of a few hours. I would agree with the first comment. Anyone finding this page after being attacked by that IP should block it entirely.

  4. Saw this on me too, so I scanned him…

    Completed RPCGrind Scan against 211.72.249.252 at 10:14, 0.37s elapsed (1 port)
    SCRIPT ENGINE: Initiating script scanning.
    Initiating SCRIPT ENGINE at 10:14
    SCRIPT ENGINE DEBUG: showHTMLTitle.nse: Title got truncated!
    Completed SCRIPT ENGINE at 10:15, 3.03s elapsed
    Host 211.72.249.252 appears to be up … good.
    Interesting ports on 211.72.249.252:
    Not shown: 1705 closed ports
    PORT STATE SERVICE VERSION
    22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
    |_ SSH Protocol Version 1: Server supports SSHv1
    25/tcp filtered smtp
    80/tcp open http Apache httpd 2.0.52 ((Red Hat))
    |_ HTML title: Test Page for the Apache HTTP Server on Red Hat Enterprise Lin…
    111/tcp open rpcbind 2 (rpc #100000)
    | rpcinfo:
    | 100000 2 111/udp rpcbind
    | 100024 1 32768/udp status
    | 100000 2 111/tcp rpcbind
    |_ 100024 1 32769/tcp status
    443/tcp open ssl OpenSSL
    | SSLv2: server still supports SSLv2
    | SSL2_DES_192_EDE3_CBC_WITH_MD5
    | SSL2_RC2_CBC_128_CBC_WITH_MD5
    | SSL2_RC4_128_WITH_MD5
    | SSL2_RC4_64_WITH_MD5
    | SSL2_DES_64_CBC_WITH_MD5
    | SSL2_RC2_CBC_128_CBC_WITH_MD5
    |_ SSL2_RC4_128_EXPORT40_WITH_MD5
    554/tcp filtered rtsp
    1720/tcp filtered H.323/Q.931
    2000/tcp filtered callbook
    5060/tcp filtered sip
    No OS matches for host
    Uptime: 1.398 days (since Thu Mar 13 00:42:35 2008)
    TCP Sequence Prediction: Difficulty=254 (Good luck!)
    IP ID Sequence Generation: All zeros

  5. I have no clue what that means, other than that he’s probably not a bot and you might be able to force your way in through SSH. I remember going ‘http://that ip address’ and I got a blank page.
