On 24/03/2020 15:10, Chris via mailop wrote:
> On 2020-03-24 06:36, Steve Freegard via mailop wrote:
>
>> I have great respect for you, but I didn't spend a considerable amount of development time without actually being absolutely certain about what I was doing.  Your experience is not relevant because you do not have experience with equivalent traps to these - I know this for certain because I would have come across them, this also proves it:
>>
>> { auth_method: 'PLAIN',
>> auth_password: 'g3tt0ugh!',
>> auth_username: '<REDACTED>',
>> source_ip: '185.64.105.8'
>> }
>
> With respect, Steve, you have no idea what we're doing with traps.

That's mostly true, but for this particular scenario of where I am getting this AUTH data from - I would absolutely know because it would be almost statistically impossible for me not to spot this at the scale we both handle data.   For example - I know that IBM X-Force is also doing something similar to me because I've observed them doing it as this is something that I regularly check.


> I fail to see how a single sample proves anything.  If it did, I'd disprove your proof with something I just plucked out:
>
> thraxisp@<redacted>:16472


Sure - that's a totally useless password and I'm happy to report I haven't seen that particular username, but without an IP - it's a bit meaningless as I can't tell you if we're seeing traffic on it or not.

However I could go and pull a bunch of other IPs from this collection method that the CBL also does not see - I'm just trying to convey that you're making a lot of (incorrect) assumptions about the usefulness of data that, based upon evidence, you don't appear to have.

That's all.

Kind regards,
Steve.

--
Steve Freegard
Senior Product Owner
Abusix Intelligence

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
