ASAP | Technical Gal
Reged: 12/12/07 | Posts: 27 | Loc: US
Robbie's WIP
#346726 - 11/05/15 11:49 PM
Re: Robbie's WIP
[Re: ASAP]
#346739 - 11/06/15 09:41 AM
Is the site down? It drops TCP connections for me.
B2K24 | MAME @ 15 kHz Sony Trinitron CRT user
Reged: 10/25/10 | Posts: 2663
Re: Robbie's WIP
[Re: Vas Crabb]
#346740 - 11/06/15 09:46 AM
> Is the site down? It drops TCP connections for me.
Not having any problems here on my end.
Re: Robbie's WIP
[Re: B2K24]
#346741 - 11/06/15 10:02 AM
> > Is the site down? It drops TCP connections for me.
>
> Not having any problems here on my end.
Fuck geoblocking. It just keeps getting worse. I'm going to quit the scene if it doesn't get better.
Re: Robbie's WIP
[Re: Vas Crabb]
#346742 - 11/06/15 11:06 AM
gregf | Ramtek's Trivia promoter
Reged: 09/21/03 | Posts: 8615 | Loc: southern CA, US
Re: Robbie's WIP
[Re: ASAP]
#346753 - 11/06/15 06:59 PM
Good to see his work continue with various gambling hardware. Robbie's work and also any updates over on the PE Plus hardware side is a good thing imo.
Re: Robbie's WIP
[Re: Vas Crabb]
#346754 - 11/06/15 07:17 PM
> > > Is the site down? It drops TCP connections for me.
> >
> > Not having any problems here on my end.
>
> Fuck geoblocking. It just keeps getting worse. I'm going to quit the scene if it doesn't get better.
What a fantastic idea. Blame teh sk3n3 for needing to do something about the fact that China is a festering shithole of malware and spammers, rather than just rolling over and letting their comment sections be overrun with "Fre3 Adidos Shoes Kardashians [insert malware URL here]".
Re: Robbie's WIP
[Re: MooglyGuy]
#346760 - 11/07/15 02:11 AM
The site isn't working for me here in Australia either (unless I use a proxy link). Not that I like spam on sites, but I didn't think Australia was a country that was particularly involved in doing that...
Re: Robbie's WIP
[Re: MooglyGuy]
#346777 - 11/07/15 07:59 AM
> What a fantastic idea. Blame teh sk3n3 for needing to do something about the fact that China is a festering shithole of malware and spammers, rather than just rolling over and letting their comment sections be overrun with "Fre3 Adidos Shoes Kardashians [insert malware URL here]".
That's a load of shit on several counts. Firstly I get the same TCP connection drops when connecting from an Australian IP address, so he's not just blocking China. Secondly, Robbie's site has no comments sections, so blocking comment spam isn't a valid reason in this case. And thirdly, China doesn't have an out-of-proportion spamming malware problem. According to Spamhaus stats which are a pretty decent proxy for estimating malware issues, China has 64% of the spam issues of the US despite having over four times the population. China's not doing as well as India on spam issues per capita, but they're not doing badly.
casm | Cinematronics > *
Reged: 08/27/07 | Posts: 668
Re: Robbie's WIP
[Re: Vas Crabb]
#346793 - 11/07/15 06:47 PM
> That's a load of shit on several counts. Firstly I get the same TCP connection drops when connecting from an Australian IP address, so he's not just blocking China. Secondly, Robbie's site has no comments sections, so blocking comment spam isn't a valid reason in this case. And thirdly, China doesn't have an out-of-proportion spamming malware problem. According to Spamhaus stats which are a pretty decent proxy for estimating malware issues, China has 64% of the spam issues of the US despite having over four times the population. China's not doing as well as India on spam issues per capita, but they're not doing badly.
Except that spam is only one facet of the problem.
Hosts located in China are responsible for roughly two-thirds of the visible attack traffic that we see at work. This presents a significant signal-to-noise problem for our SOC analysts, who, if we were not actively blocking bad actor hosts and netblocks located in China, would literally not have time to be able to get on with their jobs. This would also have an upstream effect on our security engineers, who (even with SIEM, which is largely not as useful as the companies selling it would have everyone believe) would be in the situation of having to dig even more tons of crap out of logs than they already do in order to find and respond to potential indicators of compromise.
Thus, my choice comes down to this: let my staff be distracted by the legion of infected Windows XP boxes and people hitting Metasploit's big red hack button in Guangzhou and risk missing a successful attempt at exploitation or intrusion, or drop traffic from China (a country we have no business presence in or with) wherever possible. It's not a difficult decision to make.
Additionally, most of the exfiltration attempts that we've been seeing from inside of networks where exploit kits have managed to gain a foothold is going to - you guessed it - China. Russia's usually a close second.
If the problem was centred on Canada rather than China, we'd be doing exactly the same thing to the Great White North. The country involved is irrelevant, but the origin is not.
Re: Robbie's WIP
[Re: casm]
#346798 - 11/07/15 10:47 PM
> > That's a load of shit on several counts. Firstly I get the same TCP connection drops when connecting from an Australian IP address, so he's not just blocking China. Secondly, Robbie's site has no comments sections, so blocking comment spam isn't a valid reason in this case. And thirdly, China doesn't have an out-of-proportion spamming malware problem. According to Spamhaus stats which are a pretty decent proxy for estimating malware issues, China has 64% of the spam issues of the US despite having over four times the population. China's not doing as well as India on spam issues per capita, but they're not doing badly.
>
> Except that spam is only one facet of the problem.
>
> Hosts located in China are responsible for roughly two-thirds of the visible attack traffic that we see at work. This presents a significant signal-to-noise problem for our SOC analysts, who, if we were not actively blocking bad actor hosts and netblocks located in China, would literally not have time to be able to get on with their jobs. This would also have an upstream effect on our security engineers, who (even with SIEM, which is largely not as useful as the companies selling it would have everyone believe) would be in the situation of having to dig even more tons of crap out of logs than they already do in order to find and respond to potential indicators of compromise.
>
> Thus, my choice comes down to this: let my staff be distracted by the legion of infected Windows XP boxes and people hitting Metasploit's big red hack button in Guangzhou and risk missing a successful attempt at exploitation or intrusion, or drop traffic from China (a country we have no business presence in or with) wherever possible. It's not a difficult decision to make.
>
> Additionally, most of the exfiltration attempts that we've been seeing from inside of networks where exploit kits have managed to gain a foothold is going to - you guessed it - China. Russia's usually a close second.
>
> If the problem was centred on Canada rather than China, we'd be doing exactly the same thing to the Great White North. The country involved is irrelevant, but the origin is not.
And what is your profession, casm?
"Note to Noobs:
We are glad to help you but simply posting that something does not work is not going to lead to you getting help. The more information you can supply defining your problem, the less likely it will be that you will get smart-alec replies.
C.D.~"