Re: [mailop] Usually don't post about these.. large aggressive Brute Force Bot fired up today..

Michael Peddemors Wed, 03 Apr 2019 10:53:18 -0700

On 2019-04-02 9:05 p.m., Michael Rathbun wrote:

On Mon, 1 Apr 2019 18:41:07 -0700, Michael Peddemors <[email protected]>
wrote:

Someone thinks it funny to do it on April Fools..

Attacks Port 587, uses an EHLO of server.com, looks to be router
compromises, but instead of the typical distributed low volume this one
is hitting hard.. But see some other types of Linux Servers as well..

Most rate limiter type tools are probably going to trigger on this one a
lot..


Seeing a connection with EHLO server . com on average every 13 seconds at the
moment.

Interestingly, a spot check of a few IPs show none of them listed anywhere;
one would expect CBL, but apparently these are freshly-owned machines that
haven't been used for general spamming yet.  I haven't yet extracted a full
list of IPs, but they should number in the thousands.

mdr


Yeah, spam auditors are working up a blog about this attack..

If anyone is interested, we can post the 834 IP(s) involved in thisattack.. (BTW, See them on SpamRats RATS-AUTH as well)


But the big guys could use some work on catching these at the source..

Mini Examples:

18.179.151.15 15.151.179.18.in-addr.arpa domain name pointerec2-18-179-151-15.ap-northeast-1.compute.amazonaws.com.34.210.195.178 178.195.210.34.in-addr.arpa domain name pointerec2-34-210-195-178.us-west-2.compute.amazonaws.com.3.16.18.80 80.18.16.3.in-addr.arpa domain name pointerec2-3-16-18-80.us-east-2.compute.amazonaws.com.52.79.101.155 155.101.79.52.in-addr.arpa domain name pointerec2-52-79-101-155.ap-northeast-2.compute.amazonaws.com.52.9.95.58 58.95.9.52.in-addr.arpa domain name pointerec2-52-9-95-58.us-west-1.compute.amazonaws.com.3.120.141.172 172.141.120.3.in-addr.arpa domain name pointerec2-3-120-141-172.eu-central-1.compute.amazonaws.com.54.185.240.89 89.240.185.54.in-addr.arpa domain name pointerec2-54-185-240-89.us-west-2.compute.amazonaws.com.34.221.170.229 229.170.221.34.in-addr.arpa domain name pointerec2-34-221-170-229.us-west-2.compute.amazonaws.com.13.59.237.218 218.237.59.13.in-addr.arpa domain name pointerec2-13-59-237-218.us-east-2.compute.amazonaws.com.34.255.9.194 194.9.255.34.in-addr.arpa domain name pointerec2-34-255-9-194.eu-west-1.compute.amazonaws.com.18.222.189.69 69.189.222.18.in-addr.arpa domain name pointerec2-18-222-189-69.us-east-2.compute.amazonaws.com.3.16.40.134 134.40.16.3.in-addr.arpa domain name pointerec2-3-16-40-134.us-east-2.compute.amazonaws.com.3.16.114.60 60.114.16.3.in-addr.arpa domain name pointerec2-3-16-114-60.us-east-2.compute.amazonaws.com.18.217.150.219 219.150.217.18.in-addr.arpa domain name pointerec2-18-217-150-219.us-east-2.compute.amazonaws.com.3.121.229.149 149.229.121.3.in-addr.arpa domain name pointerec2-3-121-229-149.eu-central-1.compute.amazonaws.com.3.16.34.223 223.34.16.3.in-addr.arpa domain name pointerec2-3-16-34-223.us-east-2.compute.amazonaws.com.54.92.49.93 93.49.92.54.in-addr.arpa domain name pointerec2-54-92-49-93.ap-northeast-1.compute.amazonaws.com.35.171.10.61 61.10.171.35.in-addr.arpa domain name pointerec2-35-171-10-61.compute-1.amazonaws.com.3.85.13.72 72.13.85.3.in-addr.arpa domain name pointerec2-3-85-13-72.compute-1.amazonaws.com.18.225.9.172 172.9.225.18.in-addr.arpa domain name pointerec2-18-225-9-172.us-east-2.compute.amazonaws.com.18.218.57.198 198.57.218.18.in-addr.arpa domain name pointerec2-18-218-57-198.us-east-2.compute.amazonaws.com.35.168.44.89 89.44.168.35.in-addr.arpa domain name pointerec2-35-168-44-89.compute-1.amazonaws.com.13.114.57.213 213.57.114.13.in-addr.arpa domain name pointerec2-13-114-57-213.ap-northeast-1.compute.amazonaws.com.18.188.157.186 186.157.188.18.in-addr.arpa domain name pointerec2-18-188-157-186.us-east-2.compute.amazonaws.com.52.18.82.162 162.82.18.52.in-addr.arpa domain name pointerec2-52-18-82-162.eu-west-1.compute.amazonaws.com.52.195.1.101 101.1.195.52.in-addr.arpa domain name pointerec2-52-195-1-101.ap-northeast-1.compute.amazonaws.com.18.179.46.30 30.46.179.18.in-addr.arpa domain name pointerec2-18-179-46-30.ap-northeast-1.compute.amazonaws.com.13.126.100.11 11.100.126.13.in-addr.arpa domain name pointerec2-13-126-100-11.ap-south-1.compute.amazonaws.com.3.120.161.148 148.161.120.3.in-addr.arpa domain name pointerec2-3-120-161-148.eu-central-1.compute.amazonaws.com.3.17.12.210 210.12.17.3.in-addr.arpa domain name pointerec2-3-17-12-210.us-east-2.compute.amazonaws.com.18.194.15.128 128.15.194.18.in-addr.arpa domain name pointerec2-18-194-15-128.eu-central-1.compute.amazonaws.com.18.223.163.198 198.163.223.18.in-addr.arpa domain name pointerec2-18-223-163-198.us-east-2.compute.amazonaws.com.52.32.192.7 7.192.32.52.in-addr.arpa domain name pointerec2-52-32-192-7.us-west-2.compute.amazonaws.com.18.184.121.98 98.121.184.18.in-addr.arpa domain name pointerec2-18-184-121-98.eu-central-1.compute.amazonaws.com.18.223.171.70 70.171.223.18.in-addr.arpa domain name pointerec2-18-223-171-70.us-east-2.compute.amazonaws.com.18.217.29.98 98.29.217.18.in-addr.arpa domain name pointerec2-18-217-29-98.us-east-2.compute.amazonaws.com.52.37.68.157 157.68.37.52.in-addr.arpa domain name pointerec2-52-37-68-157.us-west-2.compute.amazonaws.com.13.250.42.61 61.42.250.13.in-addr.arpa domain name pointerec2-13-250-42-61.ap-southeast-1.compute.amazonaws.com.18.188.34.199 199.34.188.18.in-addr.arpa domain name pointerec2-18-188-34-199.us-east-2.compute.amazonaws.com.13.58.68.233 233.68.58.13.in-addr.arpa domain name pointerec2-13-58-68-233.us-east-2.compute.amazonaws.com.13.233.46.240 240.46.233.13.in-addr.arpa domain name pointerec2-13-233-46-240.ap-south-1.compute.amazonaws.com.54.223.188.44 44.188.223.54.in-addr.arpa domain name pointerec2-54-223-188-44.cn-north-1.compute.amazonaws.com.cn.35.160.26.17 17.26.160.35.in-addr.arpa domain name pointerec2-35-160-26-17.us-west-2.compute.amazonaws.com.3.0.90.113 113.90.0.3.in-addr.arpa domain name pointerec2-3-0-90-113.ap-southeast-1.compute.amazonaws.com.54.148.102.34 34.102.148.54.in-addr.arpa domain name pointerec2-54-148-102-34.us-west-2.compute.amazonaws.com.13.233.32.128 128.32.233.13.in-addr.arpa domain name pointerec2-13-233-32-128.ap-south-1.compute.amazonaws.com.52.8.126.80 80.126.8.52.in-addr.arpa domain name pointerec2-52-8-126-80.us-west-1.compute.amazonaws.com.13.58.94.28 28.94.58.13.in-addr.arpa domain name pointerec2-13-58-94-28.us-east-2.compute.amazonaws.com.18.218.77.191 191.77.218.18.in-addr.arpa domain name pointerec2-18-218-77-191.us-east-2.compute.amazonaws.com.35.154.89.9 9.89.154.35.in-addr.arpa domain name pointerec2-35-154-89-9.ap-south-1.compute.amazonaws.com.52.207.178.83 83.178.207.52.in-addr.arpa domain name pointerec2-52-207-178-83.compute-1.amazonaws.com.3.120.108.122 122.108.120.3.in-addr.arpa domain name pointerec2-3-120-108-122.eu-central-1.compute.amazonaws.com.52.77.169.188 188.169.77.52.in-addr.arpa domain name pointerec2-52-77-169-188.ap-southeast-1.compute.amazonaws.com.18.216.155.200 200.155.216.18.in-addr.arpa domain name pointerec2-18-216-155-200.us-east-2.compute.amazonaws.com.18.216.18.81 81.18.216.18.in-addr.arpa domain name pointerec2-18-216-18-81.us-east-2.compute.amazonaws.com.3.120.139.38 38.139.120.3.in-addr.arpa domain name pointerec2-3-120-139-38.eu-central-1.compute.amazonaws.com.

35.228.180.170 170.180.228.35.in-addr.arpa domain name pointer170.180.228.35.bc.googleusercontent.com.35.230.103.15 15.103.230.35.in-addr.arpa domain name pointer15.103.230.35.bc.googleusercontent.com.35.241.251.180 180.251.241.35.in-addr.arpa domain name pointer180.251.241.35.bc.googleusercontent.com.35.237.201.155 155.201.237.35.in-addr.arpa domain name pointer155.201.237.35.bc.googleusercontent.com.35.226.195.195 195.195.226.35.in-addr.arpa domain name pointer195.195.226.35.bc.googleusercontent.com.35.221.33.143 143.33.221.35.in-addr.arpa domain name pointer143.33.221.35.bc.googleusercontent.com.104.198.6.247 247.6.198.104.in-addr.arpa domain name pointer247.6.198.104.bc.googleusercontent.com.35.190.165.252 252.165.190.35.in-addr.arpa domain name pointer252.165.190.35.bc.googleusercontent.com.35.199.106.40 40.106.199.35.in-addr.arpa domain name pointer40.106.199.35.bc.googleusercontent.com.35.231.48.87 87.48.231.35.in-addr.arpa domain name pointer87.48.231.35.bc.googleusercontent.com.35.231.225.200 200.225.231.35.in-addr.arpa domain name pointer200.225.231.35.bc.googleusercontent.com.35.244.36.122 122.36.244.35.in-addr.arpa domain name pointer122.36.244.35.bc.googleusercontent.com.35.232.244.239 239.244.232.35.in-addr.arpa domain name pointer239.244.232.35.bc.googleusercontent.com.34.73.183.37 37.183.73.34.in-addr.arpa domain name pointer37.183.73.34.bc.googleusercontent.com.35.221.157.112 112.157.221.35.in-addr.arpa domain name pointer112.157.221.35.bc.googleusercontent.com.35.236.93.240 240.93.236.35.in-addr.arpa domain name pointer240.93.236.35.bc.googleusercontent.com.35.237.69.220 220.69.237.35.in-addr.arpa domain name pointer220.69.237.35.bc.googleusercontent.com.35.237.21.228 228.21.237.35.in-addr.arpa domain name pointer228.21.237.35.bc.googleusercontent.com.35.190.234.39 39.234.190.35.in-addr.arpa domain name pointer39.234.190.35.bc.googleusercontent.com.35.237.4.122 122.4.237.35.in-addr.arpa domain name pointer122.4.237.35.bc.googleusercontent.com.35.236.178.148 148.178.236.35.in-addr.arpa domain name pointer148.178.236.35.bc.googleusercontent.com.35.185.172.135 135.172.185.35.in-addr.arpa domain name pointer135.172.185.35.bc.googleusercontent.com.34.73.241.97 97.241.73.34.in-addr.arpa domain name pointer97.241.73.34.bc.googleusercontent.com.

144.22.112.42 42.112.22.144.in-addr.arpa domain name pointeroc-144-22-112-42.compute.oraclecloud.com.144.22.101.25 25.101.22.144.in-addr.arpa domain name pointeroc-144-22-101-25.compute.oraclecloud.com.144.21.80.208 208.80.21.144.in-addr.arpa domain name pointeroc-144-21-80-208.compute.oraclecloud.com.129.150.98.168 168.98.150.129.in-addr.arpa domain name pointeroc-129-150-98-168.compute.oraclecloud.com.144.22.97.159 159.97.22.144.in-addr.arpa domain name pointeroc-144-22-97-159.compute.oraclecloud.com.

172.104.146.122 122.146.104.172.in-addr.arpa domain name pointerli1662-122.members.linode.com.139.162.44.163 163.44.162.139.in-addr.arpa domain name pointerli1457-163.members.linode.com.198.58.123.124 124.123.58.198.in-addr.arpa domain name pointerli667-124.members.linode.com.172.104.62.115 115.62.104.172.in-addr.arpa domain name pointerli1642-115.members.linode.com.172.104.135.156 156.135.104.172.in-addr.arpa domain name pointerli1651-156.members.linode.com.198.58.110.186 186.110.58.198.in-addr.arpa domain name pointerli604-186.members.linode.com.139.162.8.38 38.8.162.139.in-addr.arpa domain name pointerli850-38.members.linode.com.45.33.10.149 149.10.33.45.in-addr.arpa domain name pointerli964-149.members.linode.com.

45.77.172.131 131.172.77.45.in-addr.arpa domain name pointer45.77.172.131.vultr.com.144.202.56.52 52.56.202.144.in-addr.arpa domain name pointer144.202.56.52.vultr.com.45.32.130.233 233.130.32.45.in-addr.arpa domain name pointer45.32.130.233.vultr.com.45.76.157.243 243.157.76.45.in-addr.arpa domain name pointer45.76.157.243.vultr.com.104.238.130.83 83.130.238.104.in-addr.arpa domain name pointer104.238.130.83.vultr.com.45.77.167.93 93.167.77.45.in-addr.arpa domain name pointer45.77.167.93.vultr.com.45.76.111.204 204.111.76.45.in-addr.arpa domain name pointer45.76.111.204.vultr.com.45.76.120.154 154.120.76.45.in-addr.arpa domain name pointer45.76.120.154.vultr.com.45.77.130.235 235.130.77.45.in-addr.arpa domain name pointer45.77.130.235.vultr.com.207.148.27.156 156.27.148.207.in-addr.arpa domain name pointer207.148.27.156.vultr.com.207.148.97.207 207.97.148.207.in-addr.arpa domain name pointer207.148.97.207.vultr.com.45.76.189.207 207.189.76.45.in-addr.arpa domain name pointer45.76.189.207.vultr.com.45.77.2.217 217.2.77.45.in-addr.arpa domain name pointer45.77.2.217.vultr.com.45.77.248.177 177.248.77.45.in-addr.arpa domain name pointer45.77.248.177.vultr.com.207.148.26.208 208.26.148.207.in-addr.arpa domain name pointer207.148.26.208.vultr.com.45.76.178.148 148.178.76.45.in-addr.arpa domain name pointer45.76.178.148.vultr.com.45.76.119.48 48.119.76.45.in-addr.arpa domain name pointer45.76.119.48.vultr.com.45.32.112.159 159.112.32.45.in-addr.arpa domain name pointer45.32.112.159.vultr.com.

173.212.213.119 119.213.212.173.in-addr.arpa domain name pointervmi149581.contaboserver.net.213.136.94.59 59.94.136.213.in-addr.arpa domain name pointervmi208932.contaboserver.net.173.212.196.102 102.196.212.173.in-addr.arpa domain name pointervmi180572.contaboserver.net.213.136.80.74 74.80.136.213.in-addr.arpa domain name pointervmi171382.contaboserver.net.213.136.79.195 195.79.136.213.in-addr.arpa domain name pointervmi157563.contaboserver.net.5.189.160.97 97.160.189.5.in-addr.arpa domain name pointervmi199245.contaboserver.net.173.212.202.56 56.202.212.173.in-addr.arpa domain name pointervmi228406.contaboserver.net.207.180.206.186 186.206.180.207.in-addr.arpa domain name pointervmi206207.contaboserver.net.80.241.217.161 161.217.241.80.in-addr.arpa domain name pointerm1057.contaboserver.net.207.180.215.226 226.215.180.207.in-addr.arpa domain name pointervmi239167.contaboserver.net.213.136.91.183 183.91.136.213.in-addr.arpa domain name pointervmi128709.contaboserver.net.173.249.13.242 242.13.249.173.in-addr.arpa domain name pointervmi151319.contaboserver.net.




--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Usually don't post about these.. large aggressive Brute Force Bot fired up today..

Reply via email to