I'm confused, the first post said valid credentials, is that what everyone
else is seeing?

Nearly all valid creds seems weirder than mostly invalid... modulo whatever
amount of hijacked or reused creds there are.

Brandon

On Fri, Feb 9, 2018, 10:59 AM Rich Kulawiec <r...@gsp.org> wrote:

> On Fri, Feb 09, 2018 at 09:56:43AM +0100, Dan Malm wrote:
> > I'm seeing an extreme amount of SMTP authentications (over 600/s) [snip]
>
> I wouldn't characterize what I've seen as "extreme" at any of the
> observation points I'm monitoring, but I have seen a moderate number of
> repeated attempts to authenticate against a mix of existing/non-existing
> accounts, some of which happened slowly and some of which were rapid.
>
> I used the past tense there because my response was to firewall
> out (what I believe to be) the relevant ranges from access to
> POP(S)/IMAP(S)/submission as applicable to various servers.
>
> ---rsk
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Reply via email to