@eyedeekay
+R4SAS
+RN
+T3s|4
+Xeha
+acetone
+orignal
+polistern
+weko
Hikari
Irc2PGuest67835
Leopold
Minogami
Onn4l7h
Onn4|7h
T3s|4_
anon4
eyedeekay_bnc
idk
j6
not_bob_afk
profetikla
qend-irc2p
u5657
x74a6
dr|z3d
I think I've a basic grasp now, but they're still a headache :|
obscuratus
:)
dr|z3d
something really suspect going on with tunnel requests right now, or a major bug is being exposed.
dr|z3d
a huge number of "double hop" requests.
dr|z3d
yeah, it's a strange on. only seeing the double hop requests in any meaningful numbers on an sc outproxy router. it's more and more starting to smell like a prolonged targeted attack.
zzz
orignal, when you send datetime block, do you round: (ms + 500) / 1000, or truncate: ms / 1000 ?
dr|z3d
a flurry of these in the logs: Packet without RST or SYN where we don't know stream ID: fSRmuw/XlgqNA
dr|z3d
this one might be one to keep an eye on: tATb9X
dr|z3d
seems to be spamming a lot of exploratory lookup requests. is also an unreachable X tier floodfill.
orignal
sec
orignal
htobe32buf (payload + 3, ts/1000);
orignal
e.g. truncate
orignal
I can change to rounding if you wish