On Mon, 1 Apr 2019 18:41:07 -0700, Michael Peddemors <[email protected]>
wrote:
>Someone thinks it funny to do it on April Fools..
>
>Attacks Port 587, uses an EHLO of server.com, looks to be router
>compromises, but instead of the typical distributed low volume this one
>is hitting hard.. But see some other types of Linux Servers as well..
>
>Most rate limiter type tools are probably going to trigger on this one a
>lot..
Seeing a connection with EHLO server . com on average every 13 seconds at the
moment.
Interestingly, a spot check of a few IPs show none of them listed anywhere;
one would expect CBL, but apparently these are freshly-owned machines that
haven't been used for general spamming yet. I haven't yet extracted a full
list of IPs, but they should number in the thousands.
mdr
--
We are all temps.
-- Daisy Adair
_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
