On Wed, 2016-06-01 at 15:05 +0200, Renaud Allard wrote: > Given the name of the host researchscanXXX, may I assume you have used a > server to test the crypto? So if it has indeed attempted some kind of > brute force, maybe grsec was right.
Its an Internet pest from the USA's Michigan University. ~~~~~~ In February 2014, they stated "These connections are part of an Internet-wide network survey being conducted by computer scientists at the University of Michigan. The survey involves making TCP connection attempts to large subsets of the public IP address space and analyzing the responses. We select addresses to contact in a random order, and each address receives only a very small number of connection attempts. We do not attempt to guess passwords or access data that is not publicly visible at the address. Some of our previous results can be found at http://conferences.sigcomm.org/imc/2013/papers/imc257-durumericAemb.pdf." "If these scans are causing problems, we would be happy to exclude your IP address from future research scans." ~~~~~~ In February 2015 they stated "We understand if you'd like to drop scan related traffic. If you are going to do this, the correct subnets to blacklist are 141.212.121.0/24 and 141.212.122.0/24" ~~~~~~ -- Regards, Paul. England, EU. England's place is in the European Union. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/