Hi,

On Wed 17/Nov/2021 09:12:13 +0100 Hans-Martin Mosner wrote:

Here I want to focus on hacked mail accounts. I can think of two major root causes but I have no idea about their relative significance:


I agree with Steve and Ángel that the main causes are reused passwords and 
phishing.


  * Easily guessable passwords, with two subcauses for exploits:
      o Brute force authentication attempts - I'm seeing them regularly, and
        the most egregious networks (e.g. 5.188.206.0/24) are fully blocked at
        our mailserver, but some mailops are less strict about blocking such
        abusers.


I used to look at what passwords they try.  Those brute force attacks are so ridiculous 
that I agree with those who call them "clowns".

About that network, I only collected 40 addresses (15.7%) of it.  Here's the 
list:

list records in IP range 5.188.206.0-5.188.206.255, min age 0 secs, max age 1637146807 secs, min prob 0=0.00%, max prob 2147483647=100.00%.
            IP   CREATED   PROB.   BLOCKED  PACKETS   UPDATED       DECAY  THRESHOLD  CAUGHT  DESCRIPTION
  5.188.206.98  Aug-2021  27.83%  Oct-2021   184598  Oct-2021  2.7648e+06          7      13  SMTP auth dictionary attack
  5.188.206.99  Aug-2021  42.44%  Oct-2021   187446  Oct-2021  2.7648e+06          7      13  SMTP auth dictionary attack
 5.188.206.100  Aug-2021  32.63%  Oct-2021   191132  Oct-2021  2.7648e+06          7      14  SMTP auth dictionary attack
 5.188.206.101  Aug-2021  23.06%  Oct-2021   195623  Oct-2021  2.7648e+06          7      13  SMTP auth dictionary attack
 5.188.206.102  Aug-2021  30.12%  Oct-2021   193158  Oct-2021  2.7648e+06          7      14  SMTP auth dictionary attack
 5.188.206.146  Jul-2021   0.00%  Jul-2021    38385  Jul-2021      172800          3      11  SMTP auth dictionary attack
 5.188.206.147  May-2021   0.00%  May-2021     2690  May-2021       43200          1       6  SMTP auth dictionary attack
 5.188.206.154  Aug-2021  22.50%  Oct-2021   199790  Oct-2021  2.7648e+06          7      13  SMTP auth dictionary attack
 5.188.206.155  Aug-2021  63.96%  Oct-2021   200505  Oct-2021  5.5296e+06          8      14  SMTP auth dictionary attack
 5.188.206.156  Aug-2021  44.10%  Oct-2021   188176  Oct-2021  2.7648e+06          7      13  SMTP auth dictionary attack
 5.188.206.157  Aug-2021  21.81%  Oct-2021   201093  Oct-2021  2.7648e+06          7      12  SMTP auth dictionary attack
 5.188.206.158  Aug-2021  13.69%  Oct-2021   186692  Oct-2021  1.3824e+06          6      16  SMTP auth dictionary attack
 5.188.206.162  Apr-2021   0.00%  Apr-2021       16  May-2021       21600          0       4  Domain does not exist
 5.188.206.163  Apr-2021   0.00%  Apr-2021       49  May-2021       21600          0       6  SPF failure
 5.188.206.164  Apr-2021   0.00%  Apr-2021        8  Apr-2021          60          0       3  SPF failure
 5.188.206.165  Apr-2021   0.00%  Apr-2021        9  May-2021          60          0       3  SPF failure
 5.188.206.166  Apr-2021   0.00%  Apr-2021       12  May-2021          60          0       4  SPF failure
 5.188.206.171  May-2021   0.00%                  0  May-2021          60          0       1  SPF failure
 5.188.206.172  May-2021   0.00%                  0  May-2021       21600          0       1  Domain does not exist
 5.188.206.174  May-2021   0.00%                  0  May-2021       21600          0       1  Domain does not exist
 5.188.206.182  May-2021   0.00%  Jun-2021   321619  Jun-2021      691200          5      13  SMTP auth dictionary attack
 5.188.206.194  Jul-2020  41.18%   52s ago   106607   53s ago  2.7648e+06          7      24  SMTP auth dictionary attack
 5.188.206.195  Jul-2020  78.44%  570s ago   225627  569s ago  2.7648e+06          7      25  SMTP auth dictionary attack
 5.188.206.196  Jul-2020  71.04%   54s ago   170925   54s ago  2.7648e+06          7      58  SMTP auth dictionary attack
 5.188.206.197  Aug-2020  86.35%   51s ago   172424   57s ago  5.5296e+06          8      37  SMTP auth dictionary attack
 5.188.206.198  Sep-2020  55.70%  572s ago   234734  573s ago  5.5296e+06          8      34  SMTP auth dictionary attack
 5.188.206.199  Oct-2020  99.24%  571s ago   191169  572s ago  5.5296e+06          8      23  SMTP auth dictionary attack
 5.188.206.200  Oct-2020  86.89%   45s ago   189656   60s ago  5.5296e+06          8      23  SMTP auth dictionary attack
 5.188.206.201  Oct-2020  59.52%  686s ago   659987  687s ago  5.5296e+06          8      30  SMTP auth dictionary attack
 5.188.206.202  Dec-2020  91.54%   57s ago   466233   62s ago  5.5296e+06          8      25  SMTP auth dictionary attack
 5.188.206.203  Dec-2020  55.00%   42s ago   214836   50s ago  5.5296e+06          8      23  SMTP auth dictionary attack
 5.188.206.204  Dec-2020  11.66%  Aug-2021   374345  Aug-2021  2.7648e+06          7      25  SMTP auth dictionary attack
 5.188.206.205  Jan-2021  32.61%  Aug-2021   168831  Aug-2021  5.5296e+06          8      22  SMTP auth dictionary attack
 5.188.206.206  Jun-2021   9.31%  Aug-2021   139334  Aug-2021  2.7648e+06          7      18  SMTP auth dictionary attack
 5.188.206.234  Feb-2021   7.82%  Aug-2021   137165  Aug-2021  2.7648e+06          7      44  SMTP auth dictionary attack
 5.188.206.235  Feb-2021  20.26%  Aug-2021   341048  Aug-2021  5.5296e+06          8      22  SMTP auth dictionary attack
 5.188.206.236  Apr-2021   8.97%  Aug-2021   150635  Aug-2021  2.7648e+06          7      18  SMTP auth dictionary attack
 5.188.206.237  Jun-2021   7.26%  Aug-2021   135883  Aug-2021  2.7648e+06          7      20  SMTP auth dictionary attack
 5.188.206.238  Jun-2021  12.76%  Aug-2021   137208  Aug-2021  2.7648e+06          7      20  SMTP auth dictionary attack
 5.188.206.246  Mar-2021   0.98%  May-2021    58297  May-2021  2.7648e+06          7      13  SMTP auth dictionary attack
40 record(s) selected, 0 deleted, 0 failed deletion(s)


Best
Ale
--
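
Added example for this thread (not Ale's message, and not the tool that produced the listing above): a small Python script that parses Postfix smtpd "SASL ... authentication failed" log lines, counts failed AUTH attempts per client IP, blocks single hosts over a threshold, and escalates to the whole /24 when several blocked hosts share it, which is the situation the thread describes for 5.188.206.0/24. The log lines are constructed, the per-IP and hosts-per-/24 thresholds are illustrative parameters rather than values from the thread, and the output is rendered as a Postfix cidr: access map for check_client_access.

```python
"""Spot SMTP AUTH dictionary attacks in Postfix smtpd logs and decide whether
to block single client IPs or a whole /24.  Added example for this thread;
not the tool that produced the listing above.  All log lines are constructed."""
import ipaddress
import re
from collections import Counter, defaultdict

# Postfix logs a failed SASL login as
#   warning: unknown[1.2.3.4]: SASL LOGIN authentication failed: <base64 prompt>
AUTH_FAIL_RE = re.compile(
    r"warning: \S+\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]: "
    r"SASL (?:LOGIN|PLAIN) authentication failed"
)


def make_sample_log(counts):
    """Build constructed smtpd log lines; `counts` maps client IP -> failures."""
    lines = []
    for ip, n in counts.items():
        for i in range(n):
            lines.append(
                f"Nov 17 09:12:{i:02d} mx postfix/smtpd[1234]: warning: "
                f"unknown[{ip}]: SASL LOGIN authentication failed: UGFzc3dvcmQ6"
            )
    # unrelated noise that must not be counted
    lines.append("Nov 17 09:13:00 mx postfix/smtpd[1234]: connect from unknown[5.188.206.197]")
    return "\n".join(lines)


# Constructed attacker farm in one /24, plus a lone scanner and a user typo.
SAMPLE_COUNTS = {
    "5.188.206.194": 6, "5.188.206.195": 5, "5.188.206.196": 7,
    "5.188.206.197": 2,      # below threshold: not (yet) blocked
    "203.0.113.7": 5,        # single host in its /24
    "198.51.100.20": 1,      # legitimate user mistyping a password
}
SAMPLE_LOG = make_sample_log(SAMPLE_COUNTS)


def count_failures(log_text):
    """Return a Counter of failed SASL AUTH attempts per client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = AUTH_FAIL_RE.search(line)
        if m:
            hits[m.group("ip")] += 1
    return hits


def decide_blocks(failures, per_ip_threshold=5, hosts_per_net=3):
    """Block IPs at or over the per-IP threshold; escalate to the /24 when at
    least `hosts_per_net` blocked hosts share it (both thresholds are assumed)."""
    blocked_ips = {ip for ip, n in failures.items() if n >= per_ip_threshold}
    per_net = defaultdict(set)
    for ip in blocked_ips:
        per_net[ipaddress.ip_network(f"{ip}/24", strict=False)].add(ip)
    blocked_nets = {net for net, ips in per_net.items() if len(ips) >= hosts_per_net}
    # share of each /24 actually seen attacking, for the operator's judgement
    coverage = {str(net): len(ips) / net.num_addresses for net, ips in per_net.items()}
    return {
        "ips": sorted(blocked_ips, key=ipaddress.ip_address),
        "nets": [str(net) for net in sorted(blocked_nets)],
        "coverage": coverage,
    }


def render_postfix_access(decision, reason="SMTP auth dictionary attack"):
    """Emit lines for a Postfix cidr: table used with check_client_access;
    single IPs already inside a blocked /24 are dropped as redundant."""
    nets = [ipaddress.ip_network(n) for n in decision["nets"]]
    lines = [f"{net} REJECT {reason}" for net in nets]
    for ip in decision["ips"]:
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            lines.append(f"{ip} REJECT {reason}")
    return lines


if __name__ == "__main__":
    decision = decide_blocks(count_failures(SAMPLE_LOG))
    print("\n".join(render_postfix_access(decision)))
    for net, share in decision["coverage"].items():
        print(f"# {net}: {share:.1%} of addresses seen attacking")
```

The per-IP threshold keeps a user who mistypes a password once off the list, while the hosts-per-/24 rule is what turns three or more attacking hosts in 5.188.206.0/24 into a single network-wide REJECT entry; a lone scanner in another /24 is still blocked only as a single address.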
To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg