On 2023-05-15 at 13:31:47 UTC-0400 (Mon, 15 May 2023 17:31:47 +0000)
Slavko via mailop <[email protected]>
is rumored to have said:
Dňa 15. mája 2023 15:42:14 UTC používateľ "Taavi Eomäe via
mailop" <[email protected]> napísal:
Here's a complete list of the IPs we've seen exhibit behavior
specific to this botnet. If anyone's interested.
Don't worry, you are not alone, ~3000 of them is already in my
MSA's firewall due AUTH attempts.
This explains why I didn't see it: I have a passel of handcrafted tools
looking at honeypot traffic with escalations to blocking by route
prefix... Most of these IPs are in ranges where I've seen suspect
traffic from many sources recently and deemed them generally disposable.
e.g. I'll likely never have a legit packet from any random nameless
ChinaNet IP, so why waste TCP on any of them?
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
