On 2023-05-13 12:09, Jarland Donnell via mailop wrote:
Curious if anyone else is seeing an event similar to this. Here's the logs of 1 hour on one of our servers, for what I propose to be a botnet: https://clbin.com/4khRA

I'm leaving the recipient domains in it because they're not actually customer domains. Either they used to be, or they've had their MX pointed to us maliciously. I can't accurately say at the moment. Whatever is happening in these logs, it looks fairly consistent, and quite distributed. What I can't figure out yet, and I'm hoping responses or lack thereof from others will shed light on, is whether or not this is a targeted attack against our infrastructure or simply a large scale event that we're all seeing.


_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop

Assuming this is port 25 attacks, just enable a DUL checker early.. SpamRats RATS-DYNA for one has those IPs..

Then at least it won't consume the resources.

--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
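
The early DUL check suggested in the reply above, shown as an added example (not code from either poster): a DNSBL lookup performed at connect time, so a listed client is refused before any SMTP command is processed. The zone name `dyna.spamrats.com` for RATS-DYNA is an assumption to confirm with the list operator; the function names, sample addresses and answer table are constructed for illustration.

```python
import ipaddress
import socket

# Assumption: zone name for the SpamRats RATS-DYNA list; confirm with the list operator.
DUL_ZONE = "dyna.spamrats.com"

def dnsbl_query_name(ip, zone=DUL_ZONE):
    """Reverse the address labels and append the zone (IPv6 uses nibbles)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def system_resolver(name):
    """A records for name; [] on NXDOMAIN or resolver failure (fails open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(ip, resolver=system_resolver, zone=DUL_ZONE):
    # Listed addresses answer inside 127.0.0.0/8; any other answer
    # (wildcarded or parked zone) is not treated as a listing.
    answers = resolver(dnsbl_query_name(ip, zone))
    return any(a.startswith("127.") for a in answers)

def smtp_connect_decision(ip, resolver=system_resolver):
    """Banner to send at connect time, before any SMTP command is processed."""
    if is_listed(ip, resolver):
        return "554 5.7.1 Client host [%s] listed in %s" % (ip, DUL_ZONE)
    return "220 ready"

# Constructed sample data: documentation addresses and a fake answer table.
SAMPLE_ZONE = {"10.2.0.192.dyna.spamrats.com": ["127.0.0.36"]}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for client in ("192.0.2.10", "198.51.100.7"):
        print(client, "->", smtp_connect_decision(client, sample_resolver))
```

Because `system_resolver` treats a lookup failure as "not listed", a DNS outage lets connections through rather than refusing all mail.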
