7577 entries in 0.135s
Framedragger:
http://btcbase.org/log/2016-05-22#1470431 << hmh actually not sure now. it doesn't seem that the email addy in the ssh host's pubkey is sent to client. yet you're right in that the email addy is included (in e.g. /etc/ssh/ssh_host_rsa_key.pub). will check (ssh-keyscan explicitly doesn't give/relay it though)
☝︎ Framedragger: "trinque: Framedragger: if you get tired of aws, there's this cheap-as-shit DC called Joe's Datacenter I've been using" << sooo :) do you know by any chance if *they* are behind any stupid gear which may filter out mass scans?
Framedragger: (ah more like, they arbor networks' gear, but i was advised the latter may preemptively throttle / filter out scans)
Framedragger: oh god damn it, apparently amazon aws is behind one of those "we protect you" things - arbor networks - these folks detect scans and filter them. fuck amazon, then
Framedragger: no worries - actual scanning progress will apparently be slow anyway..
Framedragger: i guess i'll give the results in that format for those 95k ssh hosts (actual number of keys will be lower, i can see that some of those hosts are providing clients a nil set of encryption mechanisms, etc etc
Framedragger: mircea_popescu: asciilifeform: in regards to ssh key spidering, it's best then to produce output in the form of e,N,comment - is that right? (where comment in this case would be the ip addr)
Framedragger: something something "gay ppl have to use [udp] holepunching (to get through NATs)"
Framedragger: so what you're saying is there's no ip exhaustion crisis at all!
Framedragger: hum, no girl ever sucking licking my well-shaven balls :/
Framedragger: i'm now running the reliable but slower ssh-keyscan on the 95k ssh-running IPs just to get a decent sample. will later revisit wtf zmap is doing
Framedragger: ..hrm. zmap finished scanning sixteen /8's (so a sixteenth of ipv4 space, minus reserved blocks), but in those blocks there were two known servers running openssh which was picked up by ssh-keyscan. they weren't picked up by zmap. if the thing is unreliable then it's worthless (it still found > 95k of ssh servers though, but...)
☟︎ Framedragger: ah ok thanks for the explanation! more logs.... :)
Framedragger: ^ re. product-security@apple.com's key, or is that some broken sub-key of the master key, or somesuch? (broken 'cause of the "Modulus has mirrored low-order 32 bits !", for whatever original cause/reason)
☟︎ Framedragger: (that zmap paper matches this estimate btw - 4.5min was it - 10gbps pipe - lessay 1GiB/s for 270sec => 270GiB; vs 2^32 / 14600 * 0.0002 * 4.2 = 247GiB)
Framedragger will one day attempt to participate in such discussion, anomism, hmm...
Framedragger: when i was walking outside thinking of $ i got a similar figure in mind - lower bound maybe $30 and upper maybe $70, but prob $/GB rate was off in my mind
Framedragger: approx 4.2 GB of bandwidth used for 14.6k sshd-running IPs, hit rate ~= 0.02% (these are rather random, not guaranteed-to-be-used (only definitely not in reserved blocks) subnets it's possible zmap just doesn't flush to file that often at all - will check later wtf's happening). $0.155 per GB of bandwidth (first 15 GB free). running for 72 min
Framedragger: (ah it seems zmap's saturated the 100mbps pipe quite efficiently. yeah will let you know re. cost, prob sooner than expected heh)
Framedragger: gon take some time to even start incurring cost tho
Framedragger: they'll start charging for bandwidth sooner or later
Framedragger: i mean, i'm using some sort of free tier now, lols. should be cheap..
Framedragger: mircea_popescu: to get list of machines listening on port 22 using zmap on amazon aws micro instance with 100 mbps pipe, it takes approx 9-10 minutes per /16. note, only what's listening on port 22, but ssh-keyscan should then plough through pretty quickly. will later run more tests, i'll leave a single instance to scan some /16s to then feed into ssh-keyscan
Framedragger: [dodges the "that's not the proper translation" discussion]
Framedragger: by all means, keep reinforcing the "nothing outside the text" notion ! but yeah, good to revisit
Framedragger: didyouknow, someone wrote a graphing library which mimicks xkcd graph style. iirc it's actually quite nice, insofar as hipster things can be nice. shitlikethat...
Framedragger: you're still using $framework? GO BACK TO YER CAVE
Framedragger: well i did use "folks" which isn't a word from the most high register so to speak :)
Framedragger: no but for real. thing is, cs folk usually haven't even read their own "definitive" texts (shannon, e.g.)
Framedragger: yeah i can't hold interesting convos with these cs people for long sometimes, it's like, fuck you humanity you suck
Framedragger: wonder if whole log would become references to itself, il n'y a pas de hors-texte and all that
Framedragger: man i need some tool which autosearches from logs while i type in irc
Framedragger: shitloads of webcams, "secure" printers etc (of course)
Framedragger: something something avoids having to take care of timeouts (is stateless) by putting custom info in packets / "SYN cookies" something
Framedragger: but yeah need to think of bigger scales here.. short-term aws/azure farms, whatnot
Framedragger: nono, i just mean, i can just use that particular machine for dirty work, cause i can't use that ip for other purposes anyway, it's tainted
Framedragger remembers he has a disposable tor exit node on digitalocean, can use that one
Framedragger: no just a server with probably 50 mbps good uplink
Framedragger: i'm considering running zmap on high-throughput server to quickly get all internet-connected machines in ipv4 space, and then feeding that into ssh-keyscan. may be more efficient. also need to get some disposable ip addresses or something, cause according to internet my coupla server IPs will soon be added to some shitlist
Framedragger: this was using single machine only - scanning with two now, will add third one when i have a few min. but yeah it's overall slow i guess you could say
Framedragger: mircea_popescu: with timeout per host set to 5sec (default) and unaltered parallel scanning setting (ssh-keyscan does parallel stuff pretty well but it may not be best for scanning huge numbers of hosts; case in point: default version for ubuntu 14.04 terminates if a single remote host closes conn prematurely - needed to patch this..), it took ~65 minutes (i've started logging timestamps afterwards but this is prob quite accurate). this
Framedragger: mircea_popescu: (got 2768 ssh-rsa keys on a test run on a populated /16... this will be fun.)
Framedragger: those @-webkit-keyframes .... yeah i can see that :)
Framedragger: i like the /* yolo: */ in the source, where it specifies the font right there in the source, because fuck it
Framedragger: mircea_popescu: well. i guess the spider could could include a ipv6 address crawler to populate a ipv6 address list. but beyond that?
Framedragger: someone who can do web development without considering nodejs, js, nosql, etc etc, just for some initial constraints? :D
Framedragger is a non-bullshit wwwtronicist, depending on definition. are you folks looking for some clean www read-only interface to a db? sorry for much interjection
Framedragger: so, like, presumably, one would want keys of ssh servers that are behind *all* routable public ipv4 addresses?
Framedragger: but kk, it's clear it's not relevant to current effort as current effort is about factorization of rsa keys
Framedragger: well, not factoring it of course, but just hoarding it for laters
Framedragger: ssh-keyscan nicely gives all keys presented by server, usually includes ecdsa
Framedragger: mircea_popescu: of course. :) btw can i assume that ecdsa keys are not of interest? only rsa?
Framedragger: mircea_popescu: that was useful. so btw this fromphuctor__, i take it he hasn't much reappeared. was good idea, his