#tcp — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #tcp, aggregated by home.social.
-
Why ports became the "doors" into a server, and who decided SSH would be 22
In 1995 Tatu Ylönen wrote a letter about as long as a Habr post and received, free of charge, the number in ssh -p 22 user@host that every sysadmin now knows. But before that, ports were unidirectional, even numbers were considered unnecessary, and half of the slots were empty altogether. In the article I describe how ports became the "doors" into a server and what will be left of them in ten years. Read more
https://habr.com/ru/companies/ruvds/articles/1038826/
#SSH #Linux_kernel #NAT #Nmap #BSD #RFC #DevOps #сетевые_технологии #tcp #ruvds_статьи
-
https://www.europesays.com/cz/91316/ Prague is looking for a new tenant for the Petřín restaurant Nebozízek, having terminated the current tenant's contract #Nebozízek #Prague #Praha #TCP
-
BBR rules, but there's a catch: when algorithms from the 2000s understand your Wi-Fi better
BBR is generally regarded as the modern standard for TCP congestion control. Google developed it in 2016, it runs in production at the largest CDNs, and it is praised in every other article on network optimization. All of that is deserved, but with a significant caveat that usually goes unmentioned. Back to the past…
-
New #TCP public peer is now available thanks to @neilalexander
```
tcp://yggdrasil.neilalexander.dev:64649
```
It's CPU-friendly and could be especially useful in the #Yggdrasil #TLS-less #NTP context https://yggdrasil-network.github.io/services.html#ntp
-
https://www.europesays.com/ie/486087/ Twill Typhoon used legitimate Windows tools, DLL sideloading, FDMTP backdoor in APAC espionage campaign #APAC #Apple #backdoor #Darktrace #DLLSideloading #DMTP #Éire #espionage #EspionageCampaign #FDMTP #IE #Ireland #TCP #Technology #TwillTyphoon #WindowsTools #Yahoo
-
In case anyone has installed @forgejo and uses #Pangolin to access the service: if you also want to do a “git push” over #SSH instead of #HTTPS, here is an article that explains very well how to create a #TCP resource: https://digitalquint.click/posts/accessing-forgejo-pangolin/. But it is important that, if you have a #Firewall on your #Hosting, you open the port assigned to SSH access. (1/2)
-
I JOINED THE DRUG TRADE AT SIXTEEN: https://amorscan.blogspot.com/2026/05/entrei-para-o-trafico-aos-dezesseis-anos.html?spref=tw #tráfico #vapor #contenção #bonde #facção #faccionado #CV #PCC #favela #quemsabeénóis #traficante #soubandido #bondedomaluco #TCP #famíliadonorte #vidaloka #bondedo157 #lilicantou #adolescencia
-
Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers
Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.
Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault
-
How DPI filtering at Russian ISPs works technically and how to detect it: a review of open-source tools
Over the past couple of years, every user of the Russian internet has learned to tell “internet at home” from “internet at grandma's”. On one provider YouTube opens, on another it doesn't. It feels like unpredictability, but behind each such degradation there are quite specific technical mechanisms. I ran the open-source tool dpi-checkers on three of my connections, worked through the TCP 16-20 methods and CIDR whitelists, and will explain what technically happens to your traffic at L4, from SNI filtering to QUIC blocking.
https://habr.com/ru/articles/1033456/
#DPI #deep_packet_inspection #TCP #TLS #SNI #CIDR #цензура #OONI #сетевая_фильтрация
-
⚡ Reticulum: the network with no provider and no TCP/IP that reinvents connectivity. Cryptographic identity, zero IP addresses and dynamic routing for environments with limited bandwidth and intermittent connections.
https://gomoot.com/reticulum-lidea-di-una-rete-senza-tcp-ip/
-
In the beginning there was Arpanet, but it grew, and in 1981 the network consisted of 213 connected computers. Soon the network of computers would become international and be called the internet. The central protocol was the Network Control Protocol (NCP), which was launched in 1970. NCP consisted of the Arpanet Host-to-Host Protocol (AHHP) and the Initial Connection Protocol (ICP). In addition, there were the File Transfer Protocol (FTP) for file handling and Telnet for remote login, for use over NCP. FTP was launched in 1973 and Telnet as early as 1969.
https://blog.zaramis.se/2026/05/04/internet-skapas/
-
DDoS Malware Exploiting Jenkins Servers to Attack Valve Source Gaming Infrastructure
A newly discovered DDoS botnet campaign abuses exposed Jenkins servers with weak authentication to deliver Windows and Linux payloads. The malware turns compromised hosts into bots and targets Valve Source Engine game servers using UDP floods, TCP push attacks, HTTP floods and query-based amplification attacks.
Pulse ID: 69f735ac2403f4a4cb9ca4c3
Pulse Link: https://otx.alienvault.com/pulse/69f735ac2403f4a4cb9ca4c3
Pulse Author: cryptocti
Created: 2026-05-03 11:46:52
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #DDoS #DoS #HTTP #InfoSec #Linux #Malware #OTX #OpenThreatExchange #RCE #TCP #UDP #Windows #bot #botnet #cryptocti
-
Hikvision expands its intrusion range with MX Hybrid, a hybrid control panel for advanced systems: Hikvision presents MX Hybrid, the new hybrid control panel that completes its intrusion offering by combining wired and wireless technology in a single solution...
#Hikvision #centrale #wireless #TCP/IP #sicurezza http://dlvr.it/TSKftl
-
DDoS-for-Hire Operation Exposed: How an Operator's Debug Build Unraveled a Commercial Game-Server Botnet
An exposed open directory on a Netherlands-hosted server revealed the complete operational toolkit of xlabs_v1, a Mirai-derived IoT botnet operated by an actor using the handle Tadashi. The operation provides DDoS-for-hire services specifically targeting game servers and Minecraft hosts through 21 distinct flood attack variants. The botnet exploits Android Debug Bridge (ADB) on TCP/5555 to compromise over 4 million potentially vulnerable IoT devices including Android TV boxes, smart TVs, and routers. The operation features bandwidth profiling to price-tier infected devices, ChaCha20 string encryption with cryptographic weaknesses, and competitor-eradication routines. Infrastructure analysis consolidated the entire operation within a single bulletproof /24 netblock in the Netherlands, with co-located cryptojacking infrastructure also identified.
Pulse ID: 69f25f09e5c3a33611f7cb16
Pulse Link: https://otx.alienvault.com/pulse/69f25f09e5c3a33611f7cb16
Pulse Author: AlienVault
Created: 2026-04-29 19:42:01
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Android #ChaCha20 #CryptoJacking #CyberSecurity #DDoS #DoS #Encryption #InfoSec #IoT #Minecraft #Mirai #OTX #OpenThreatExchange #RAT #TCP #TheNetherlands #bot #botnet #AlienVault
-
🔗 Understanding Traceroute
https://tech.stonecharioteer.com/posts/2026/traceroute/
#tools #rust #networking #tcp #deepdive
-
RTF Exploit Installs RAT: uWarrior
An unknown Italian-origin threat actor has developed uWarrior, a Remote Access Tool delivered through weaponized RTF documents containing multiple exploits. The attack chain leverages CVE-2012-1856 with a novel ROP chain and CVE-2015-1770 to bypass ASLR protections by loading non-DYNAMICBASE compiled DLLs through OLE objects. The fully-featured RAT uses compressed, optionally encrypted TCP communications with binary message protocols for command and control. Analysis reveals the actor borrowed components from off-the-shelf tools, particularly the ctOS RAT, sharing similar configuration structures and code functions. uWarrior provides extensive capabilities including remote command execution, file manipulation, system control, software enumeration and uninstallation, and data exfiltration. The malware establishes persistence and communicates with C2 servers using AES encryption.
Pulse ID: 69eb45ce7c704d3df21996a2
Pulse Link: https://otx.alienvault.com/pulse/69eb45ce7c704d3df21996a2
Pulse Author: AlienVault
Created: 2026-04-24 10:28:30
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #ELF #Encryption #InfoSec #Italian #Malware #OTX #OpenThreatExchange #RAT #RTF #RemoteCommandExecution #TCP #bot #AlienVault