Tracking Proxy Scans with IPv4.Games
Today, I saw a proxy scan that was a little bit different:
http://ipv4.games/claim?name=gang
http://ipv4.games/claim?name=napucan
I wasn't familiar with ipv4.games, so of course, I had to check out the site. I liked it for a couple of reasons. First, the design is just how I think ISC should look. Second, the site's purpose is somewhat like what "hacking" was like when I first got into security. The site will track how many different IP addresses you can connect from.
There are various "leaderboards" based on the number of IP addresses or networks that a particular player was able to connect from. There appears to be no authentication or other fancy newfangled stuff. Instead, you add your username to the URL, and well, if someone else copies your username, they will just help you increase your "rank". There are also some options to associate an email address or a URL with your username.
We are seeing this URL in proxy scans because, of course, no game is fun without a bit of cheating. Or maybe it isn't even cheating but part of the game to find proxies, and have the proxies IP associated with your account. Personally, I do not consider this kind of proxy scan all that malicious. On the other hand, the IPv4.Games site may give attackers hints as to where to look for proxies, assuming many of the "claimed" IPs are proxy servers.
ipv6.games appears to be registered but not active at this time.
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
Comments