Lots of attacks coming from this block I'm only seeing non-SMTP attacks
however.
Things like attempted SMB breakins, telnet password probing (likely
IoT), VOIP attacks, a variety of botnets.
This could be a badly infected netblock or a dynamic segment with no
method to prevent IP hopping.
This is one of those drop-at-the-router netblocks.
On 2020-07-07 19:45, Michael Peddemors via mailop wrote:
Very High volume SMTP Auth type attacks, but either a broken bot, or an
attempt at Denial of Service..
Range, 192.241.227.0/24
Naming Convention: zg-0626-70.stretchoid.com
It's a 'fast talker' attack, sending EHLO before waiting for the CONNECT
string..
Just in case anyone else is encountering this attack..
And if there is a DO guy onlist with a heart, he can pull the plug on
those..
And if the hacker is on this list, fix your bot! It isn't going to get
far if you are trying an AUTH attack, as a fast talker ;)
Just an annoyance..
_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
