On 2023-05-13 at 14:09 -0500, Jarland Donnell wrote: > Curious if anyone else is seeing an event similar to this. Here's the > logs of 1 hour on one of our servers, for what I propose to be a > botnet: https://clbin.com/4khRA > I'm leaving the recipient domains in it because they're not actually > customer domains. Either they used to be, or they've had their MX > pointed to us maliciously. I can't accurately say at the moment. > Whatever is happening in these logs, it looks fairly consistent, and > quite distributed. What I can't figure out yet, and I'm hoping > responses or lack thereof from others will shed light on, is whether > or not this is a targeted attack against our infrastructure or simply > a large scale event that we're all seeing.
I see a few of those ips and, while not exactly new, there's an uptick today. Messages seem a mixture, though: open server scans, I-have- hacked-your-mail, Chinese text... I doubt it is a targeted attack. _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
