Author Topic: Microsoft attacks Nmap!  (Read 2485 times)

0 Members and 1 Guest are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Microsoft attacks Nmap!
« on: April 25, 2006, 11:19:34 am »
Disclaimer: This is a joke, sorta.  It was obviously a  bug, not an attack. 

Quote
Last Monday, some of you may have noticed Insecure.Org slowing to a
crawl for a brief period.  Meanwhile, my colocation bandwidth graph
skyrocketed to massive-overage-charges-if-this-continues territory.
My weblogs showed this sort of behavior:

207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:52 -0700]
"GET /lists/security-basics/2006/Apr/0001.html HTTP/1.1" 200 20718 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:52 -0700]
"GET /lists/security-basics/2006/Apr/0002.html HTTP/1.1" 200 17568 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:53 -0700]
"GET /lists/security-basics/2006/Apr/0003.html HTTP/1.1" 200 18456 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:53 -0700]
"GET /lists/security-basics/2006/Apr/0004.html HTTP/1.1" 200 26590 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:53 -0700]
"GET /lists/security-basics/2006/Apr/0005.html HTTP/1.1" 200 21509 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:54 -0700]
"GET /lists/security-basics/2006/Apr/0006.html HTTP/1.1" 200 19844 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:54 -0700]
"GET /lists/security-basics/2006/Apr/0007.html HTTP/1.1" 200 13938 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:54 -0700]
"GET /lists/security-basics/2006/Apr/0008.html HTTP/1.1" 200 23157 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:54 -0700]
"GET /lists/security-basics/2006/Apr/0009.html HTTP/1.

MS proceeded to make 3738 requests for security-basics articles in
about 20 minutes.  That is more than three requests each second.  So I
had no choice but to ban them.  This was obviously an intentional DoS
attack orchestrated from the highest levels in MS to take down
Insecure.Org.  Probably Steve Ballmer realized I wasn't within chair
throwing distance and so he came up with this plan instead :).  Hehe,
actually it is surely some employee who forgot that we don't all have
as much bandwidth as Microsoft.  So for now, I've banned the IP.

The good news in all this is that MS has apparently started to read
security-basics.  It is about time :).  I'm tempted to unblock the IP
to see if they come back for more intermediate and advanced material
like Bugtraq next month :).

Cheers,
-F

PS: If there is a point to this email, it is simply this: Please don't
run recursive wget or any other scraper against Insecure.Org.  If you
only need a small set of pages (less than a couple hundred), I guess
that is OK.  If you have a really good reason that you need thousands
of pages, send me an email and I may be able to make a .tar.bz2
available for you.  I'd be happy to send the whole mbox-format
security-basics archives to Microsoft, for example.

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: Microsoft attacks Nmap!
« Reply #1 on: June 22, 2006, 03:36:19 pm »
Hahaahha.  MS is reading security websites so they can fix their OS!
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine