My gopher server crashed...
Remember Killing Gopher Servers From Russia, part 1, from April 2018? Well, It’s July and they’re at it again.
Killing Gopher Servers From Russia
$ bin/time-grouping-gopher < farm/gopher-server.log.1 Hour Connections [%] Selectors [%] 2018-07-12 06 22 1% 22 1% 2018-07-12 07 38 1% 38 1% 2018-07-12 08 32 1% 32 1% 2018-07-12 09 35 1% 35 1% 2018-07-12 10 34 1% 34 1% 2018-07-12 11 37 1% 37 1% 2018-07-12 12 38 1% 38 1% 2018-07-12 13 35 1% 35 1% 2018-07-12 14 32 1% 32 1% 2018-07-12 15 36 1% 36 1% 2018-07-12 16 35 1% 35 1% 2018-07-12 17 38 1% 38 1% 2018-07-12 18 39 1% 39 1% 2018-07-12 19 41 1% 41 1% 2018-07-12 20 3619 88% 3607 88%
OK, so who did this?
$ bin/ip-numbers-gopher < farm/gopher-server.log.1 | head -n 2 IP Connections [%] 90.154.53.13 3610 88%
And who is this?
$ whois 90.154.53.13|grep "org-name\|address"|head -n5 org-name: "Central Telegraph" Public Joint-stock Company address: 7, Tverskaya street address: 125375, address: Moscow address: RUSSIAN FEDERATION
And who was it last time? It was `79.165.173.172`, also “Central Telegraph”, Russia.
Idiots!
To get a feeling for those 3610 requests:
$ grep 90.154.53.13 < farm/gopher-server.log.1 | head 2018/07/12-20:01:50 CONNECT TCP Peer: "[90.154.53.13]:59651" Local: "[178.209.50.237]:70" 2018/07/12-20:01:51 CONNECT TCP Peer: "[90.154.53.13]:59776" Local: "[178.209.50.237]:70" 2018/07/12-20:01:51 CONNECT TCP Peer: "[90.154.53.13]:59808" Local: "[178.209.50.237]:70" 2018/07/12-20:01:51 CONNECT TCP Peer: "[90.154.53.13]:59825" Local: "[178.209.50.237]:70" 2018/07/12-20:01:51 CONNECT TCP Peer: "[90.154.53.13]:59900" Local: "[178.209.50.237]:70" 2018/07/12-20:01:51 CONNECT TCP Peer: "[90.154.53.13]:60000" Local: "[178.209.50.237]:70" 2018/07/12-20:01:52 CONNECT TCP Peer: "[90.154.53.13]:60020" Local: "[178.209.50.237]:70" 2018/07/12-20:01:52 CONNECT TCP Peer: "[90.154.53.13]:60083" Local: "[178.209.50.237]:70" 2018/07/12-20:01:52 CONNECT TCP Peer: "[90.154.53.13]:60085" Local: "[178.209.50.237]:70" 2018/07/12-20:01:52 CONNECT TCP Peer: "[90.154.53.13]:60123" Local: "[178.209.50.237]:70" $ grep 90.154.53.13 < farm/gopher-server.log.1 | tail 2018/07/12-20:17:01 CONNECT TCP Peer: "[90.154.53.13]:62389" Local: "[178.209.50.237]:70" 2018/07/12-20:17:01 CONNECT TCP Peer: "[90.154.53.13]:62397" Local: "[178.209.50.237]:70" 2018/07/12-20:17:01 CONNECT TCP Peer: "[90.154.53.13]:62400" Local: "[178.209.50.237]:70" 2018/07/12-20:17:01 CONNECT TCP Peer: "[90.154.53.13]:62415" Local: "[178.209.50.237]:70" 2018/07/12-20:17:01 CONNECT TCP Peer: "[90.154.53.13]:62418" Local: "[178.209.50.237]:70" 2018/07/12-20:17:01 CONNECT TCP Peer: "[90.154.53.13]:62427" Local: "[178.209.50.237]:70" 2018/07/12-20:17:02 CONNECT TCP Peer: "[90.154.53.13]:62436" Local: "[178.209.50.237]:70" 2018/07/12-20:17:02 CONNECT TCP Peer: "[90.154.53.13]:62442" Local: "[178.209.50.237]:70" 2018/07/12-20:17:02 CONNECT TCP Peer: "[90.154.53.13]:62449" Local: "[178.209.50.237]:70" 2018/07/12-20:17:02 CONNECT TCP Peer: "[90.154.53.13]:62471" Local: "[178.209.50.237]:70"
It took them 16 minutes to take out the server...
#Gopher #Russia