gamelinux / prads

Passive Real-time Asset Detection System
http://gamelinux.github.com/prads/

PRADS me now! #9

Closed huayra closed 12 years ago

huayra commented 12 years ago

this is wrong:

prads-asset-report - PRADS Text Reporting Module 0.3 - 2011-10-06 http://github.com/gamelinux/prads/

1 ------------------------------------------------------
IP:  87.238.43.241
DNS: dhcp241.varnish-software.com
OS:  unknown unknown (0%) 1

Port  Service  TCP-Application
80    CLIENT

Location: NO, Norway

My OS is Ubuntu 11.04. My browser is Chromium 12.0.742.112 (90304) on Ubuntu 11.04.

Hope this helps!

comotion commented 12 years ago

The following signature was added to prads.delta9.pl :

S10:57:1:60:M1460,S,T,N,W7:.:Linux:2.6(Ubuntu 11.04 huayra)

Please test; we will include the sig if we can verify it on a different machine and it doesn't introduce false positives.

The chromium user-agent did not get snapped up by prads this time around. Reloading should help.

huayra commented 12 years ago

That worked after a reload, indeed... Now testing Firefox I got this:

PRADS me now! Your ip is 87.238.43.241. Here's what we got on you:

prads-asset-report - PRADS Text Reporting Module 0.3 - 2011-10-06 http://github.com/gamelinux/prads/

1 ------------------------------------------------------
IP:  87.238.43.241
DNS: dhcp241.varnish-software.com
OS:  Linux 2.6 (Ubuntu 11.04 huayra) (80%) 2

Port  Service  TCP-Application
80    CLIENT
80    CLIENT

Location: NO, Norway

Raw log:

87.238.43.241,0,54854,6,SYN,[S10:57:1:60:M1460,S,T,N,W7:.:unknown:unknown:link:ethernet/modem:uptime:10hrs],7,1317931236
87.238.43.241,0,54854,6,ACK,[115:57:1:0:N,N,T:AT:Linux:2.4(newer)/2.6:uptime:10hrs],7,1317931236
87.238.43.241,0,80,6,CLIENT,[http:],7,1317931236
87.238.43.241,0,54854,6,FIN,[154:57:1:52:N,N,T:ATFN:unknown:unknown:uptime:10hrs],7,1317931247
87.238.43.241,0,54571,6,SYN,[S10:56:1:60:M1460,S,T,N,W7:.:Linux:2.6 (Ubuntu 11.04 huayra):link:ethernet/modem:uptime:10hrs],8,1317932567
87.238.43.241,0,54571,6,ACK,[115:56:1:0:N,N,T:AT:Linux:2.4(newer)/2.6:uptime:10hrs],8,1317932567
87.238.43.241,0,80,6,CLIENT,[http:],8,1317932567
87.238.43.241,0,54571,6,FIN,[318:56:1:52:N,N,T:ATFN:unknown:unknown:uptime:10hrs],8,1317932573

Help us improve the quality of our fingerprints. If the stuff above doesn't match, drop us a line and let us know by opening a new issue on the PRADS project page.

Wow, I love crowdsourcing. It gives individuals like me the feeling of empowerment!

R. :D


huayra commented 12 years ago

Opera:

PRADS me now! Your ip is 87.238.43.241. Here's what we got on you:

prads-asset-report - PRADS Text Reporting Module 0.3 - 2011-10-06 http://github.com/gamelinux/prads/

1 ------------------------------------------------------
IP:  87.238.43.241
DNS: dhcp241.varnish-software.com
OS:  Linux 2.6 (Ubuntu 11.04 huayra) (80%) 3

Port  Service  TCP-Application
80    CLIENT
80    CLIENT

Location: NO, Norway

Raw log:

87.238.43.241,0,54854,6,SYN,[S10:57:1:60:M1460,S,T,N,W7:.:unknown:unknown:link:ethernet/modem:uptime:10hrs],7,1317931236
87.238.43.241,0,54854,6,ACK,[115:57:1:0:N,N,T:AT:Linux:2.4(newer)/2.6:uptime:10hrs],7,1317931236
87.238.43.241,0,80,6,CLIENT,[http:],7,1317931236
87.238.43.241,0,54854,6,FIN,[154:57:1:52:N,N,T:ATFN:unknown:unknown:uptime:10hrs],7,1317931247
87.238.43.241,0,54571,6,SYN,[S10:56:1:60:M1460,S,T,N,W7:.:Linux:2.6 (Ubuntu 11.04 huayra):link:ethernet/modem:uptime:10hrs],8,1317932567
87.238.43.241,0,54571,6,ACK,[115:56:1:0:N,N,T:AT:Linux:2.4(newer)/2.6:uptime:10hrs],8,1317932567
87.238.43.241,0,80,6,CLIENT,[http:],8,1317932567
87.238.43.241,0,54571,6,FIN,[318:56:1:52:N,N,T:ATFN:unknown:unknown:uptime:10hrs],8,1317932573
87.238.43.241,0,40099,6,SYN,[S10:56:1:60:M1460,S,T,N,W1:.:unknown:unknown:link:ethernet/modem:uptime:11hrs],8,1317935128

Help us improve the quality of our fingerprints. If the stuff above doesn't match, drop us a line and let us know by opening a new issue on the PRADS project page.


comotion commented 12 years ago

These lines:

87.238.43.241,0,80,6,CLIENT,[http:],8,1317932567

indicate that we are seeing your client request but not seeing your browser headers; best guess is that something along the way is eating the headers. I would need to tcpdump your session to see what's going on.
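As an added example (not from the thread and not PRADS's own code), a small Python parser for the asset-log records pasted above: it pulls the OS guess out of the p0f-style SYN fingerprint and counts the `[http:]` CLIENT records that comotion describes as a request seen without browser headers. The field layout asset,vlan,port,proto,service,[service-info],distance,discovered is the PRADS asset-log format; the sample lines are copied from the thread and the function names are my own.

```python
"""Parse PRADS asset-log records as pasted in this issue and summarise them per asset."""
import re
from collections import defaultdict

# asset,vlan,port,proto,service,[service-info],distance,discovered
# The bracketed service-info may itself contain commas (TCP options), hence the regex.
RECORD_RE = re.compile(r"^([^,]+),(\d+),(\d+),(\d+),([^,]+),\[(.*)\],(\d+),(\d+)$")

# Constructed sample: a subset of the records from the thread, one per line.
SAMPLE_LOG = """\
87.238.43.241,0,54854,6,SYN,[S10:57:1:60:M1460,S,T,N,W7:.:unknown:unknown:link:ethernet/modem:uptime:10hrs],7,1317931236
87.238.43.241,0,54854,6,ACK,[115:57:1:0:N,N,T:AT:Linux:2.4(newer)/2.6:uptime:10hrs],7,1317931236
87.238.43.241,0,80,6,CLIENT,[http:],7,1317931236
87.238.43.241,0,54571,6,SYN,[S10:56:1:60:M1460,S,T,N,W7:.:Linux:2.6 (Ubuntu 11.04 huayra):link:ethernet/modem:uptime:10hrs],8,1317932567
87.238.43.241,0,80,6,CLIENT,[http:],8,1317932567
"""

def parse_record(line):
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    ip, vlan, port, proto, service, info, distance, ts = m.groups()
    return {"ip": ip, "vlan": int(vlan), "port": int(port), "proto": int(proto),
            "service": service, "info": info, "distance": int(distance), "ts": int(ts)}

def syn_fingerprint(info):
    """Split a p0f-style SYN signature: wss:ttl:df:size:options:quirks:os:details[:extras]."""
    keys = ("wss", "ttl", "df", "size", "options", "quirks", "os", "details")
    return dict(zip(keys, info.split(":")[:8]))

def summarise(log_text):
    assets = defaultdict(lambda: {"os": "unknown", "empty_client": 0, "client_ports": set()})
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        a = assets[rec["ip"]]
        if rec["service"] == "SYN":
            fp = syn_fingerprint(rec["info"])
            if fp["os"] != "unknown":          # keep the first matched signature
                a["os"] = f'{fp["os"]} {fp["details"]}'
        elif rec["service"] == "CLIENT":
            a["client_ports"].add(rec["port"])
            app, _, headers = rec["info"].partition(":")
            if not headers:                    # "[http:]": request seen, no headers captured
                a["empty_client"] += 1
    return dict(assets)
```

Assets whose only CLIENT records are header-less are the ones where a tcpdump of the session, as comotion suggests, is the next diagnostic step.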

huayra commented 12 years ago

That I can fix. Will send it in private email when I get a chance.

R


ssm commented 12 years ago

Thanks, new signatures are always needed. :)

comotion commented 12 years ago

Also, the bugfix for issue #13 fixes the empty logline.