On 2/22/20 7:47 PM, Alessandro Vesely via mailop wrote:
> Even without 2FA, a password different from "12345" is probably desperately
> hard to guess.
_No_
When users tend to re-use the same password on different web sites or a slightly
different password from site to site, guessing a password
On Mon 24/Feb/2020 10:32:59 +0100 Andrew C Aitchison wrote:
> On Fri, 21 Feb 2020, Alessandro Vesely via mailop wrote:
>
>> I'm still puzzled by that Emerald Onion Repeat Infringer
>> Termination Policy.
>>
>> Perhaps, they have a real time incident reporting system
>> to catch miscreants.
>
> I
On Fri, 21 Feb 2020, Alessandro Vesely via mailop wrote:
I'm still puzzled by that Emerald Onion Repeat Infringer
Termination Policy.
Perhaps, they have a real time incident reporting system
to catch miscreants.
I assumed it was what they want to do, not what they can do.
If it isn't in the
On 2020-02-22 02:57:09 (+0800), Michael Peddemors via mailop wrote:
Consider how you would safely block the bad guys, yet let the good
guys still use the service. Which brings me to my favorite topic, 2FA
for IMAP/SMTP Auth, as many of you know.. (we talk about CLIENTID
often enough).
Isn't
Even without 2FA, a password different from "12345" is probably desperately
hard to guess. An activity suited for bots running at someone else's expenses.
Best
Ale
On Fri 21/Feb/2020 19:57:09 +0100 Michael Peddemors via mailop wrote:
> For the record, (just back from M3AAWG, what a great
For the record, (just back from M3AAWG, what a great event) AUTH attacks
from Tor networks ARE a thing.
While it might seem that the number of attacks from Tor Nodes, vs
legitimate AUTH requests from people that like using Tor for everything
is really one sided..
(Don't get me wrong, even
Hi,
On Thu 20/Feb/2020 11:02:47 +0100 Benoit Panizzon via mailop wrote:
>
> The Spamtrap / HoneyPot in question not only listens to port 25 but also
> listens on port 465 (smtps) and 587 (submission).
>
> If an attacker is doing some dictionary attack on this to check for
> valid passwords
Hi,
On Thu 20/Feb/2020 11:02:47 +0100 Benoit Panizzon via mailop wrote:
>
> The Spamtrap / HoneyPot in question not only listens to port 25 but also
> listens on port 465 (smtps) and 587 (submission).
>
> If an attacker is doing some dictionary attack on this to check for
> valid passwords
On 2/20/20 5:51 AM, Hans-Martin Mosner via mailop wrote:
This is probably a reasonable way of dealing with the problem. TOR exit
nodes are somewhat like dynamic IP addresses - you will get a lot of
dictionary attacks and similar stuff, and you can just block off any
non-authenticated non-http
On 2/20/20 3:02 AM, Benoit Panizzon via mailop wrote:
Hi
Hi,
The Spamtrap / HoneyPot in question not only listens to port 25 but
also listens on port 465 (smtps) and 587 (submission).
Okay.
It sounds like your spam trap / honey pot is designed to detect IPs that
are perpetrating abusive
Am 20.02.2020 11:02, schrieb Benoit Panizzon via mailop:
But I guess, just silently blacklisting Tor exist nodes and not sending
a ARF report to the ISP could be an option to solve that issue.
This is probably a reasonable way of dealing with the problem. TOR exit
nodes are somewhat like
Totally your call, but there is a LOT of AUTH abuse going on. If folks are mad
that their TOR nodes are getting reported for abuse, well… thems the breaks.
I get it, TOR is useful and there are legitimate reasons to use TOR. Probing
ports and attempting to crack passwords is not what I
Hi
Just a clarification on the issue, as we just got a 2nd similar
complaint from another Tor Exit node operator (obviously same attacker
being routed through another exit, guessing from the involved email
addresses).
The Spamtrap / HoneyPot in question not only listens to port 25 but also
On 2/17/20 2:35 AM, Benoit Panizzon via mailop wrote:
Now I got into discussion with the operator of several TOR exit
nodes. He claims that his ISP threatened to disconnect his TOR
servers because they were subject to a couple of abuse complaints
from our spamtraps.
It sound to me like /he/
On Tue, 18 Feb 2020, Matt Palmer via mailop wrote:
great, but it's an unfortunate side-effect of providing anonymity.
Frankly, if you were feeling up to the job of scripting it,
pre-emptively putting all Tor exit nodes which allow connections to port
25 in your RBL would not be a bad idea
[side note: I run Tor middle-nodes and bridges, although I do not have the
intestinal fortitude -- or a suitably supportive ISP -- to run an exit node]
On Mon, Feb 17, 2020 at 10:35:45AM +0100, Benoit Panizzon via mailop wrote:
> Occasionally, spam or more often, log-in attempts and dictionary
>
Hi,
On Mon 17/Feb/2020 10:35:45 +0100 Benoit Panizzon via mailop wrote:
>
> We operate Spamtraps which feed the SWINOG Anti-Spam Blacklist.
>
> A feedback loop is sent to the abuse-c of the IP Address from which
> email or attackts to spamtraps was detected.
>
> Occasionally, spam or more
Dear List
We operate Spamtraps which feed the SWINOG Anti-Spam Blacklist.
A feedback loop is sent to the abuse-c of the IP Address from which
email or attackts to spamtraps was detected.
Occasionally, spam or more often, log-in attempts and dictionary
attacks on the submission ports of the
18 matches
Mail list logo
