[rescue] Disassembler for boot proms
Mouse
mouse at Rodents-Montreal.ORG
Mon Jan 20 13:21:52 EST 2025
Yesterday, I wrote various stuff in this thread about some of my git
repos and such.
Shortly after the first such mail, I found evidence in my logs that
someone was, effectively, swapping out git:// for http:// and trying to
fetch the resulting URL. I dropped a note to the list pointing this
out, and (possibly in consequence, possibly not) the attempts (and the
border-router bans they provoked) stopped.
Then, more recently, I wrote about a handful of other repos and my logs
again show attempts at HTTP fetches of the paths I mentioned.
I speculate that someone has something automated that's replacing the
git:// with http:// and trying to fetch the result. I strongly suggest
that anyone using such software shut it off; letting something as
untrusted as a mailing-list message cause you to perform an HTTP fetch
of a URL of a (putative) attacker's choosing is an extremely bad idea.
This is a relatively benign example of why.
Yesterday, I manually lifted the bans I saw. I'm no longer doing that
on my own initiative; if you think you've fallen afoul of such a ban,
get the relevant IP address to me and I can check and, if it's banned,
remove it. Or you can just not send anything to my /29 (v4) or /60
(v6) for a week; my router bans time out after a week of seeing no
traffic from the banned IP.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse at rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
More information about the rescue
mailing list