First recorded attempt to attack my systems via IPv6 - Journal of Omnifarious

May. 29th, 2008

03:31 pm - First recorded attempt to attack my systems via IPv6

Someone just tried to spam my CAKE wiki via IPv6. The attack came from 2002:c26a:c164:0:216:cbff:feab:b3f5, which is a 6to4 address (you can tell from the leading 2002), meaning that it embeds the IPv4 address c26ac164 in hex, also known as 194.106.193.100, which is the address of some computer in Poland.

It also looks like they're on a network that's using EUI-64 based IPv6 address assignment, so the MAC address it came from is 00:16:cb:ab:b3:f5. Looking that up at the MAC Address Vendor lookup page reveals that this MAC address belongs to Apple.

Someone's poor hacked Mac is trying to spam my wiki, or this is the computer of the hacker who's running the botnet trying to figure out why none of the spam is showing up.

Current Location: 1309 NE 45th St, 98105
Current Mood: impressed
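
The two decoding steps from the entry above (6to4 prefix to IPv4, EUI-64 interface identifier to MAC), as an added Python example; it is not the author's own script, which does not appear on this page. The function name `decode_ipv6` and the two `2001:db8::` sample addresses are constructed for illustration.

```python
import ipaddress


def decode_ipv6(addr):
    """Return (6to4 IPv4 or None, EUI-64-derived MAC or None) for an IPv6 address.

    decode_ipv6 is a name chosen for this example, not an existing API.
    """
    ip = ipaddress.IPv6Address(addr)

    # 6to4 (RFC 3056): 2002::/16 followed by the 32-bit public IPv4 address
    # of the 6to4 gateway. The stdlib exposes this as .sixtofour.
    v4 = ip.sixtofour

    # Interface identifier = low 64 bits. Modified EUI-64 splits the 48-bit
    # MAC in half, inserts ff:fe in the middle, and inverts the
    # universal/local bit (0x02) of the first octet.
    iid = ip.packed[8:]
    mac = None
    if iid[3:5] == b"\xff\xfe":
        raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
        mac = ":".join(f"{b:02x}" for b in raw)

    return (str(v4) if v4 else None, mac)


# Constructed sample inputs, except the first, which is the address from the entry.
SAMPLES = [
    "2002:c26a:c164:0:216:cbff:feab:b3f5",  # 6to4 + EUI-64 (from the post)
    "2001:db8::211:22ff:fe33:4455",         # EUI-64 only (documentation prefix)
    "2001:db8::1",                          # neither: manually assigned host part
]

if __name__ == "__main__":
    for sample in SAMPLES:
        v4, mac = decode_ipv6(sample)
        oui = mac[:8] if mac else None      # first three octets identify the vendor
        print(f"{sample}\n  6to4 IPv4: {v4}\n  MAC: {mac}\n  OUI: {oui}")
```

A match on `ff:fe` is a heuristic: hosts using randomized interface identifiers (RFC 4941 privacy extensions) expose no MAC, and a MAC can be set arbitrarily, so treat the vendor as a lead rather than proof.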

Comments:

From:(Anonymous)
Date:May 30th, 2008 06:41 pm (UTC)
I'm from Poland too, but it wasn't me! :) But nice that you have discovered so much information from one single IPv6 address.
From:omnifarious
Date:May 30th, 2008 08:32 pm (UTC)

So much information from one IPv6 address

That is kind of neat, isn't it? I actually have a small Python script that does some of that for me, though I didn't use it in this case. I should publish that script.