[Icecast] Many short connections less than 1 second

Petr Pisar petr.pisar at atlas.cz
Wed Feb 23 20:50:11 UTC 2022


On Wed, Feb 23, 2022 at 09:11:06PM +0100, HGAlt wrote:
> Here are some examples:
> 
> 0 => 2022-02-22 06:53:30
> 1 => 2022-02-22 06:53:30
> 2 => 2022-02-22 06:53:35
> 3 => 2022-02-22 07:57:10
> 4 => 2022-02-22 07:57:10
> 5 => 2022-02-22 07:57:11
> 6 => 2022-02-22 17:59:13
> 7 => 2022-02-22 17:59:13
> 8 => 2022-02-22 17:59:14
> 9 => 2022-02-22 21:49:07
> 
Look up IP addresses of the clients. Maybe they have something in common. E.g.
an ISP they belong to.

An explanation could be a "security" network scanner. Recently, plenty of
companies have emerged which scan the Internet for various services and then
earn money by selling the data. They usually disguise themselves as security
research. However, rescanning your host every hour or two implies that they
actually monitor the existence of the services. Then they sell these data (i.e.
a list of IP addresses running a service, possibly guessing a version of the
server's software) to customers without asking what the customers are going to
do with the data. The customers are usually bad guys mounting an attack against
those services in order to include the victims in a botnet. It's cheaper to buy
a list of potentially vulnerable hosts than to scan 4 billion addresses on
your own. E.g. when a new zero-day vulnerability is announced in a popular
server implementation, it's very handy to have a ready-made list of vulnerable
hosts you can immediately target.

-- Petr
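
Added example, not part of the original post: one way to follow the advice above and check whether the sub-second clients have something in common. It assumes an Icecast access.log in combined log format with a trailing connection-duration field in seconds, and groups by /24 (IPv4) or /48 (IPv6) network as an offline stand-in for the ISP lookup; the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Assumed access.log layout: combined log format plus a trailing field
# holding the connection duration in whole seconds (0 = under one second).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" (?P<dur>\d+)$'
)

# Constructed sample lines (documentation address ranges, invented user agents).
SAMPLE_LOG = """\
198.51.100.7 - - [22/Feb/2022:06:53:30 +0100] "GET /stream HTTP/1.1" 200 512 "-" "probe/1.0" 0
198.51.100.9 - - [22/Feb/2022:06:53:30 +0100] "GET /stream HTTP/1.1" 200 498 "-" "probe/1.0" 0
198.51.100.7 - - [22/Feb/2022:06:53:35 +0100] "GET /stream HTTP/1.1" 200 505 "-" "probe/1.0" 0
203.0.113.20 - - [22/Feb/2022:07:10:02 +0100] "GET /stream HTTP/1.1" 200 9912345 "-" "VLC/3.0.16" 1840
198.51.100.12 - - [22/Feb/2022:07:57:10 +0100] "GET /stream HTTP/1.1" 200 510 "-" "probe/1.0" 0
192.0.2.44 - - [22/Feb/2022:09:14:51 +0100] "GET /stream HTTP/1.1" 200 230 "-" "Mozilla/5.0" 0
"""

def network_of(ip, v4_prefix=24, v6_prefix=48):
    """Map an address to its enclosing network (rough proxy for 'same operator')."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def short_connection_groups(log_text, max_seconds=0, min_hits=2):
    """Group connections lasting <= max_seconds by source network."""
    groups = defaultdict(lambda: {"hits": 0, "ips": set(), "agents": set(), "hours": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dur"]) > max_seconds:
            continue  # unparsable line, or a client that actually listened
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        g = groups[network_of(m["ip"])]
        g["hits"] += 1
        g["ips"].add(m["ip"])
        g["agents"].add(m["ua"])
        g["hours"].add(ts.strftime("%Y-%m-%d %H:00"))  # shows the rescan rhythm
    return {net: g for net, g in groups.items() if g["hits"] >= min_hits}

if __name__ == "__main__":
    found = short_connection_groups(SAMPLE_LOG)
    for net, g in sorted(found.items(), key=lambda kv: -kv[1]["hits"]):
        print(net, g["hits"], sorted(g["ips"]), sorted(g["agents"]), sorted(g["hours"]))
```

A network that keeps reappearing with the same user agent across several hours is the candidate to check against whois or an ASN database.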