@eyedeekay
+R4SAS
+RN
+RN_
+T3s|4
+Xeha
+not_bob
+orignal
FreeRider
Irc2PGuest75862
Onn4l7h
Onn4|7h
T3s|4_
aargh3
acetone_
anon4
cancername
eyedeekay_bnc
profetikla
shiver_1
u5657
weko_
x74a6
dr|z3d
I think I've a basic grasp now, but they're still a headache :|
obscuratus
:)
dr|z3d
something really suspect going on with tunnel requests right now, or a major bug is being exposed.
dr|z3d
a huge number of "double hop" requests.
dr|z3d
yeah, it's a strange on. only seeing the double hop requests in any meaningful numbers on an sc outproxy router. it's more and more starting to smell like a prolonged targeted attack.
zzz
orignal, when you send datetime block, do you round: (ms + 500) / 1000, or truncate: ms / 1000 ?
dr|z3d
a flurry of these in the logs: Packet without RST or SYN where we don't know stream ID: fSRmuw/XlgqNA
dr|z3d
this one might be one to keep an eye on: tATb9X
dr|z3d
seems to be spamming a lot of exploratory lookup requests. is also an unreachable X tier floodfill.
orignal
sec
orignal
htobe32buf (payload + 3, ts/1000);
orignal
e.g. truncate
orignal
I can change to rounding if you wish