RE: Anyone Watching Actvity from this network? Attempting Dovecot Buffer Overflows?

2023-11-21 Thread Rick Cooper via dovecot
Good day to all. Just adding to the conversation with how I had to deal with this years ago. Basically hacks to any server are an issue today but it is cat & mouse trying to track

RE: Anyone Watching Actvity from this network? Attempting Dovecot Buffer Overflows?

2023-11-16 Thread J. de Meijer via dovecot
> Any traffic that is not your client's, is unwanted. I have never ever had some scanning company call me, saying 'here you have 100 us$ because we used your data' or 'here are some tips to configure this better'. If someone is scanning you, it is always to their advantage not yours, no

Re: Anyone Watching Actvity from this network? Attempting Dovecot Buffer Overflows?

2023-11-16 Thread Brendan Kearney
On 11/16/23 10:56 AM, Paul Kudla wrote: Ok a few things about IP blocks If they are portable they can move from country to country ?? without any real notice. the ip that triggered all this says it is allocated from NL (Netherlands) but physically exists in Hawaii ?

Re: Anyone Watching Actvity from this network? Attempting Dovecot Buffer Overflows?

2023-11-16 Thread Paul Kudla
Ok a few things about IP blocks If they are portable they can move from country to country ?? without any real notice. the ip that triggered all this says it is allocated from NL (Netherlands) but physically exists in Hawaii ? No list will ever be 100% accurate I did find this link that

Re: Anyone Watching Actvity from this network? Attempting Dovecot Buffer Overflows?

2023-11-16 Thread Richard Siddall
Brendan Kearney wrote: i have some rather old IpToCountry.csv files from a now defunct site. it mapped IP allocations to country and included the RIR, date assigned, etc.  this data is a few years old as the site was taken down and there is probably a lot of new or updated info.  a GeoDB

RE: Anyone Watching Actvity from this network? Attempting Dovecot Buffer Overflows?

2023-11-16 Thread Marc
And what if someone is on vacation? You can also use dnsbl on your submission, that helps a lot.
> Are there publicly available lists of IP ranges by region?
>
> There's no reason for any IP outside of North America to be contacting Postfix on Submission (587) or IMAP, since these are

Re: Anyone Watching Actvity from this network? Attempting Dovecot Buffer Overflows?

2023-11-16 Thread Brendan Kearney
On 11/16/23 9:05 AM, Nick Lockheart wrote: Are there publicly available lists of IP ranges by region? There's no reason for any IP outside of North America to be contacting Postfix on Submission (587) or IMAP, since these are employee only services. If not for mobile phones, we could really

Re: Anyone Watching Actvity from this network? Attempting Dovecot Buffer Overflows?

2023-11-16 Thread Nick Lockheart
Are there publicly available lists of IP ranges by region? There's no reason for any IP outside of North America to be contacting Postfix on Submission (587) or IMAP, since these are employee only services. If not for mobile phones, we could really close it off. On Thu, 2023-11-16 at 08:27

Re: Anyone Watching Actvity from this network? Attempting Dovecot Buffer Overflows?

2023-11-16 Thread Paul Kudla
Good day to all. Just adding to the conversation with how I had to deal with this years ago. Basically hacks to any server are an issue today but it is cat & mouse trying to track all of this. That being said using the reported ip address below, I patched postfix to log the ip address

RE: Anyone Watching Actvity from this network? Attempting Dovecot Buffer Overflows?

2023-11-16 Thread Marc
Any traffic that is not your client's, is unwanted. I have never ever had some scanning company call me, saying 'here you have 100 us$ because we used your data' or 'here are some tips to configure this better'. If someone is scanning you, it is always to their advantage not yours, no santa

Re: Anyone Watching Actvity from this network? Attempting Dovecot Buffer Overflows?

2023-11-15 Thread Joseph Tam
On Wed, 15 Nov 2023, 23:25 Michael Peddemors, wrote:
> Not sure yet if it is Dovecot, or the SSL libraries they are attempting to break, but using a variety of SSL/TLS methods and connections...
>
> They are not interested in dovecot per se. They scan for TLS vulnerabilities,

Re: Anyone Watching Actvity from this network? Attempting Dovecot Buffer Overflows?

2023-11-15 Thread Simon B
On Wed, 15 Nov 2023, 23:25 Michael Peddemors, wrote: There is a network claiming to be a security company, however the activity appears to be a little more malicious, and appears to be attempting buffer overflows against POP-SSL services.. (and other attacks).