Re: WRH now banned in Australia and New Zealand

ciscokid Views: 1,447
Published: 11 years ago
This is a reply to # 1,574,056

I am going to be dense and ask... what is WRH?

EDIT: Never mind. I looked at the first post and the crafted URL and see what it is. I spent 2 seconds on the first view earlier today and didn't pay too close attention to this before, but on looking at the crafted URL and the redirect, I am pretty sure what is going on here.

This is almost certainly a case of packet filtering, where a policy at the network layer (layer 3) has been created at the router level or via applications like MODSEC at the application layer (layer 7), either at the ISP or the hosted location for the web site in question, where when a particular INGRESS crafted string is detected, a packet filtering ruleset triggers and an EGRESS response is something like in this case, a forced traceroute which in this case, is (note the cgi script, a shell script spawned on a Microsoft box). Packet filtering is a common thing at the router or web server daemon layer. I set these up all when I create, which I am doing less of now. But would get into some nasty little INGRESS policies for crafted packets, especially when these 'attacks' were propagated against known vulnerabilities like Microsoft products which are notorious for having huge, gaping exposure. Sometimes when these signatures triggered the policies I had set up at the network or application layer, I'd redirect the attackers back out to say,
of some such location.

Anyway, above is complete gobbledygook I know. Only to suggest the redirect is spawned by a Microsoft box, running a cgi script that generated a traceroute to WRH which is almost guaranteed to fail because years ago, traceroutes (and ICMP packets aka ping packets) began to be blocked as a default policy at the router level due to the congestion and bad intentions of these protocol layers. Spawning a traceroute from anywhere to anywhere is almost guaranteed to fail because of this standard practice, so this would not be a good indicator of, say, a country border policy towards blocking stuff. Spawning a traceroute would practically guarantee a 'false positive' as the cliche goes. I should have recognized all this on first glance, but was snoozing at the wheel when I saw the post. And the above is boring as all get-out, but all is meant to humor myself as it does allow for the occasional brain flex. Boooooorrrriiiiiiiing.
