June 20th, 2011

Hah, take that sTalksTalk (TalkTalk stalking bot).

Basically I was looking in my server logs and noticed that something called TalkTalk Virus Alerts Scanning Engine was accessing files which no one knows about, stuff I was working on. That means they are scanning what URLs I access. (You can read about it here: https://nodpi.org/2010/08/07/talktalk-becomes-stalkstalk/)

After Googling I found they’ve been doing it for a while, and haven’t been stopped; they claim it’s part of their “HomeSafe” thing, you can Google it.

So, I thought, can I play with the bot? So I set up one of my fast servers so that whenever a random string was requested at a particular URL it would serve up a 500MB file. (The server has a 1Gbit pipe and unlimited b/w so it’s no prob to that.) (Like a honeypot.)

Then I made a quick page which just kept loading random URLs on my server; my script would instantly disconnect, just sending the request. This means there was no real load on my home broadband but their bot would pick up the request.

I then sat watching the server throughput shoot up and saw the requests from the bot flooding in about a minute after I started.

I left it going on two pcs and did some other stuff…

A few min later the trigger scripts had both sent about 10,000 requests. I looked at the logs and noticed the TalkTalk bot was no longer sending anything…

I then checked it hadn’t just blocked the URL/IP of the server with the honeypot on by trying another domain I hadn’t used yet.

So far there’s been no request from the bot to the new domain/IP, so either I broke their servers (extremely unlikely, seeing as they are scanning hundreds of thousands of people’s broadband URLs) or I was blacklisted (most likely).

Either way it means they won’t scan my url. If it starts up again I’ll step up the honeypotting.
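The observation this post starts from, a scanner re-requesting URLs shortly after a private first visit, can be checked for in access logs. The following is an added example, not code from the original post; it assumes the Apache/nginx combined log format, that the scanner name appears in the User-Agent header, and a five-minute correlation window, and its sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumption: Apache/nginx "combined" log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)
# Assumption: the scanner name from the post shows up in the User-Agent header.
SCANNER_MARKER = "TalkTalk Virus Alerts Scanning Engine"
WINDOW = timedelta(minutes=5)  # assumed; the post saw follow-ups after about a minute

def find_replays(lines, marker=SCANNER_MARKER, window=WINDOW):
    """Return (path, visitor_ip, scanner_ip, delay_seconds) for each URL the
    scanner re-fetched shortly after a different client first requested it."""
    first_seen = {}  # path -> (ip, timestamp) of the first non-scanner request
    replays = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at their fields
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path, ip, ua = m["path"], m["ip"], m["ua"]
        if marker.lower() not in ua.lower():
            first_seen.setdefault(path, (ip, ts))
            continue
        origin = first_seen.get(path)
        if origin and origin[0] != ip and timedelta(0) <= ts - origin[1] <= window:
            delay = int((ts - origin[1]).total_seconds())
            replays.append((path, origin[0], ip, delay))
    return replays

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '198.51.100.7 - - [20/Jun/2011:10:00:00 +0100] "GET /wip/draft-a81f.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [20/Jun/2011:10:00:58 +0100] "GET /wip/draft-a81f.html HTTP/1.1" 200 512 "-" "TalkTalk Virus Alerts Scanning Engine"',
    '203.0.113.9 - - [20/Jun/2011:10:01:10 +0100] "GET /never-visited HTTP/1.1" 404 0 "-" "TalkTalk Virus Alerts Scanning Engine"',
    '198.51.100.7 - - [20/Jun/2011:10:02:00 +0100] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [20/Jun/2011:11:30:00 +0100] "GET /index.html HTTP/1.1" 200 900 "-" "TalkTalk Virus Alerts Scanning Engine"',
]

if __name__ == "__main__":
    for path, visitor, scanner, delay in find_replays(SAMPLE):
        print(f"{path}: {visitor} then {scanner} after {delay}s")
```

Only the first sample URL is reported: the scanner request for a path nobody visited has nothing to correlate with, and the re-fetch of `/index.html` falls outside the window.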

