IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#ls2
/2022/12/18
dr|z3d I think I've a basic grasp now, but they're still a headache :|
dr|z3d something really suspect going on with tunnel requests right now, or a major bug is being exposed.
dr|z3d a huge number of "double hop" requests.
dr|z3d yeah, it's a strange on. only seeing the double hop requests in any meaningful numbers on an sc outproxy router. it's more and more starting to smell like a prolonged targeted attack.
zzz orignal, when you send datetime block, do you round: (ms + 500) / 1000, or truncate: ms / 1000 ?
dr|z3d a flurry of these in the logs: Packet without RST or SYN where we don't know stream ID: fSRmuw/XlgqNA
dr|z3d this one might be one to keep an eye on: tATb9X
dr|z3d seems to be spamming a lot of exploratory lookup requests. is also an unreachable X tier floodfill.
orignal htobe32buf (payload + 3, ts/1000);
orignal e.g. truncate
orignal I can change to rounding if you wish