11
Apr
09

Macau – WTF?

Yes, I’m still alive.  And I’m still working on this mess.

I took a little nappy on the couch tonight.  Woke up in the wee hours of the morning, and checked the list.

Two pages of proxies from 125.31.0.0/19 came from nowhere (also known as Macau).

Do they work for you?  They sure don’t work for me.  All those addresses seem to have been NULL routed since they were discovered.  That is, packets go out but they don’t come back.  I’ve tried tracerouting the IPs but I get stuck in a router loop after ten hops, when the packets hit ctm.net (CTM Internet Services, according to the whois record), the people who own the IPs.

This is very reminiscent of last year’s Bahrain Incident

There’s definitely some sort of problem going on with CTM Internet Services, but whether they’ve been hacked or they’re new at the ISP business is anyone’s guess right now.

However, I’ve seen this coming.  Proxies from Macau (“MO”) started showing up a couple of weeks ago.  They screwed up the list because I didn’t have a flag for “MO”.  As soon as I fixed that, more and more (MO and MO?) started to show up, culminated by today’s flood and NULL route.

I’m thinking Conficker, since the time frame is right, but it could be a coincidence.

In other news, I’m working on moving the project to another (virtual) server.  I finally hit a wall with Xubuntu 7.04 (Feisty Fawn) and got stuck in the Land of Non-Support.  Right now everything but the database has been moved over.  This weekend looks good for a migration.

Wish me luck.

Advertisements

0 Responses to “Macau – WTF?”



  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


Archives

Advertisements

%d bloggers like this: