On Wed, 15 Nov 2023, 23:25 Michael Peddemors, <[email protected]> wrote:
There is a network claiming to be a security company, however the
activity appears to be a little more malicious, and appears to be
attempting buffer overflows against POP-SSL services.. (and other
attacks).
https://www.abuseipdb.com/check/104.156.155.21
Just thought it would be worth mentioning, you might want to keep an eye
out for traffic from this company...
Might want to make up your own mind, or maybe someone has more
information, but enough of a red flag, that thought it warranted posting
on the list.
Not sure yet if it is Dovecot, or the SSL libraries they are attempting
to break, but using a variety of SSL/TLS methods and connections...
They are not interested in dovecot per se. They scan for TLS vulnerabilities,
mostly.
Anyone with more information?
NetRange: 104.156.155.0 - 104.156.155.255
CIDR: 104.156.155.0/24
NetName: ACDRESEARCH
NetHandle: NET-104-156-155-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Academy of Internet Research Limited Liability Company (AIRLL)
RegDate: 2022-01-07
Updated: 2022-01-07
Ref: https://rdap.arin.net/registry/ip/104.156.155.0
OrgName: Academy of Internet Research Limited Liability Company
OrgId: AIRLL
Address: #A1- 5436
Address: 1110 Nuuanu Ave
City: Honolulu
StateProv: HI
PostalCode: 96817
Country: US
RegDate: 2021-10-15
Updated: 2022-11-06
Ref: https://rdap.arin.net/registry/entity/AIRLL
--
See also shadowserver.org, census.io, stretchoid, etc. All of them allegedly
reputable, all of them supposedly with opt-out mechanisms, and all of them are
blocked for not asking permission.
Ymmv.
Regards
Simon