Re: Russian Anal Probing + Malware

2019-06-24 Thread Tom Beecher
I chuckle the most at the original twitter post from Greynoise : "We have revoked the benign tag for OpenPortStats[.]com" Did anyone actually think such a thing would be legitimate to start with? :) On Mon, Jun 24, 2019 at 12:26 AM Hank Nussbacher wrote: > On 24/06/2019 00:23, Randy Bush

Re: Russian Anal Probing + Malware

2019-06-23 Thread Hank Nussbacher
On 24/06/2019 00:23, Randy Bush wrote: e.g. i am aware of researchers scanning to see patching spread and trying to make a conext paper dreadline this week or infocom next month. hard to tell the sheep from the goats and the wolf from the sheep. i get the appended. sheep or wolf? i sure do

Re: Russian Anal Probing + Malware

2019-06-23 Thread Andy Smith
Hi Brad, On Sun, Jun 23, 2019 at 09:43:00PM +, Brad via NANOG wrote: > On Friday, June 21, 2019 6:13 PM, Ronald F. Guilmette > wrote: > > > https://twitter.com/GreyNoiseIO/status/1129017971135995904 > > https://twitter.com/JayTHL/status/1128718224965685248 > > After forwarding these links

Re: Russian Anal Probing + Malware

2019-06-23 Thread Dan Hollis
On Sun, 23 Jun 2019, Randy Bush wrote: It's just a port/vulnerability scanner, I really don't see anything special about this particular case. they are pushing exploits. trying to RCE, wget a binary, chmod 777 on routers and rm -rf files. this goes way beyond scanner and into criminal trespass

Re: Russian Anal Probing + Malware

2019-06-23 Thread Brad via NANOG
See inline responses... ‐‐‐ Original Message ‐‐‐ On Friday, June 21, 2019 6:13 PM, Ronald F. Guilmette wrote: > https://twitter.com/GreyNoiseIO/status/1129017971135995904 > https://twitter.com/JayTHL/status/1128718224965685248 After forwarding these links to a sanitized client on

Re: Russian Anal Probing + Malware

2019-06-23 Thread Randy Bush
>> It's just a port/vulnerability scanner, I really don't see anything >> special about this particular case. > > they are pushing exploits. trying to RCE, wget a binary, chmod 777 on > routers and rm -rf files. > > this goes way beyond scanner and into criminal trespass and > destruction of

Re: Russian Anal Probing + Malware

2019-06-23 Thread Dan Hollis
On Sat, 22 Jun 2019, Filip Hruska wrote: It's just a port/vulnerability scanner, I really don't see anything special about this particular case. they are pushing exploits. trying to RCE, wget a binary, chmod 777 on routers and rm -rf files. this goes way beyond scanner and into criminal

Re: Russian Anal Probing + Malware

2019-06-23 Thread Rich Kulawiec
On Fri, Jun 21, 2019 at 05:13:35PM -0700, Ronald F. Guilmette wrote: > Is there anybody on this list who keeps firewall logs and who > DOESN'T have numerous hits recorded therein from one or more > of the following IP addresses? Well, I *did*, but having noticed their activities and grown tired

Re: Russian Anal Probing + Malware

2019-06-22 Thread Ronald F. Guilmette
In message , "Keith Medcalf" wrote: >On Friday, 21 June, 2019 18:14, Ronald F. Guilmette wrote: > >>https://twitter.com/GreyNoiseIO/status/1129017971135995904 >>https://twitter.com/JayTHL/status/1128718224965685248 > >Sorry, don't twitter ... Too much malicious JavaScript there.

Re: Russian Anal Probing + Malware

2019-06-22 Thread Andy Smith
Hello, On Sat, Jun 22, 2019 at 11:01:13AM -0600, Keith Medcalf wrote: > What malware slinging? Some user there is trying to exploit CVE-2018-10149: 2019-06-11 11:28:35 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "RCPT TO:"

Re: Russian Anal Probing + Malware

2019-06-22 Thread Filip Hruska
On 6/22/19 2:13 AM, Ronald F. Guilmette wrote: https://twitter.com/GreyNoiseIO/status/1129017971135995904 https://twitter.com/JayTHL/status/1128718224965685248 Friday Questionnaire: Is there anybody on this list who keeps firewall logs and who DOESN'T have numerous hits recorded

Re: Russian Anal Probing + Malware

2019-06-22 Thread Troy Mursch
AS202425 = AS29073. Formerly known as Quasi Networks / Ecatel. See previous NANOG thread here: https://mailman.nanog.org/pipermail/nanog/2017-August/091956.html On Sat, Jun 22, 2019 at 10:03 AM Keith Medcalf wrote: > On Friday, 21 June, 2019 18:14, Ronald F. Guilmette > wrote: > > >

RE: Russian Anal Probing + Malware

2019-06-22 Thread Keith Medcalf
On Friday, 21 June, 2019 18:14, Ronald F. Guilmette wrote: >https://twitter.com/GreyNoiseIO/status/1129017971135995904 >https://twitter.com/JayTHL/status/1128718224965685248 Sorry, don't twitter ... Too much malicious JavaScript there. >Friday Questionnaire: >Is there anybody on this

Russian Anal Probing + Malware

2019-06-21 Thread Ronald F. Guilmette
https://twitter.com/GreyNoiseIO/status/1129017971135995904 https://twitter.com/JayTHL/status/1128718224965685248 Friday Questionnaire: Is there anybody on this list who keeps firewall logs and who DOESN'T have numerous hits recorded therein from one or more of the following IP addresses?