Your Fly Is Open

Netmenaces and Other Internet Stupidity

Ethereum Bro, Go Home

2022-01-07 3 min read attacks

I’m kinda done with the whole entitled mindset associated with a lot of the cryptocurrency community.

First of all, children, we were using the term “crypto” for “cryptography” back when most of you were still pooping yellow, so please stop trying to co-opt that phraseology for your wasteful toy currency and push yourselves to use the entire word, “cryptocurrency.” I’m sure you can somehow muddle through.

Secondly, stop acting like your hobby is God’s gift to the world and not the frickin’ pyramid scheme that it obviously is.

Finally, your “let the world burn” attitude when it comes to your altcoins, NFTs, and every other freakishly stupid waste of power that you can come up with, has seeped into the Internet Menaces that have appeared like ticks on the bloated carcass you’ve become. That kinda pisses me off…

To whit, I was blessed with the following garbage hitting on 56,855 different TCP ports earlier today:

Jan  7 20:08:13 sensor: PacketTime:2022-01-07 20:08:13.113250 Len:237 IPv4/TCP 217.12.218.106:59524 -> 52018 ID:61018 TOS:0x28, TTL:46 IpLen:20 DgLen:223 *AP*** Seq:0xe2801897 Ack:0x2ca8a49e Win:0xfaf0 TcpLen:20 Resp:A
00000000  50 4f 53 54 20 2f 20 48 - 54 54 50 2f 31 2e 31 0d  |POST / HTTP/1.1.|
00000010  0a 48 6f 73 74 3a 20 61 - 61 61 2e 62 62 62 2e 63  |.Host: aaa.bbb.c|
00000020  63 63 2e 64 64 64 3a 35 - 32 30 31 38 0d 0a 41 63  |cc.ddd:52018..Ac|
00000030  63 65 70 74 3a 20 2a 2f - 2a 0d 0a 41 63 63 65 70  |cept: */*..Accep|
00000040  74 2d 45 6e 63 6f 64 69 - 6e 67 3a 20 67 7a 69 70  |t-Encoding: gzip|
00000050  2c 20 64 65 66 6c 61 74 - 65 0d 0a 55 73 65 72 2d  |, deflate..User-|
00000060  41 67 65 6e 74 3a 20 50 - 79 74 68 6f 6e 2f 33 2e  |Agent: Python/3.|
00000070  38 20 61 69 6f 68 74 74 - 70 2f 33 2e 36 2e 33 0d  |8 aiohttp/3.6.3.|
00000080  0a 43 6f 6e 74 65 6e 74 - 2d 4c 65 6e 67 74 68 3a  |.Content-Length:|
00000090  20 36 37 0d 0a 43 6f 6e - 74 65 6e 74 2d 54 79 70  | 67..Content-Typ|
000000a0  65 3a 20 61 70 70 6c 69 - 63 61 74 69 6f 6e 2f 6a  |e: application/j|
000000b0  73 6f 6e 0d 0a 0d 0a    -                          |son....         |
Jan  7 20:08:13 sensor: PacketTime:2022-01-07 20:08:13.115311 Len:121 IPv4/TCP 217.12.218.106:59524 -> 52018 ID:61019 TOS:0x28, TTL:46 IpLen:20 DgLen:107 *AP*** Seq:0xe280194e Ack:0x2ca8a49e Win:0xfaf0 TcpLen:20 Resp:A
00000000  7b 22 6a 73 6f 6e 72 70 - 63 22 3a 20 22 32 2e 30  |{"jsonrpc": "2.0|
00000010  22 2c 20 22 6d 65 74 68 - 6f 64 22 3a 20 22 6e 65  |", "method": "ne|
00000020  74 5f 76 65 72 73 69 6f - 6e 22 2c 20 22 70 61 72  |t_version", "par|
00000030  61 6d 73 22 3a 20 5b 5d - 2c 20 22 69 64 22 3a 20  |ams": [], "id": |
00000040  36 37 7d                -                          |67}             |

Seriously?!?

You’re that hard up that you need to scan 56,855 different ports to see if you can find an Ethereum mining rig so you can try to scam some Ether? You’re talented enough that you can write a scanner using an asynchronous Python HTTP library, and this is how you use your brain?

Ethereum bro, go home… you’re drunk.

-TL
Tom Liston
Owner, Principal Consultant
Bad Wolf Security, LLC
Mastodon: @tliston@infosec.exchange
Twitter (yes, I know… X): @tliston
January 7, 2022

P.S.: And to the cut-rate VPS provider giving unlimited network traffic to anyone with €3.95/month (and not even pretending to monitor outbound traffic) fuck you… You’re the real problem here.