Re: [mailop] Massive botnet going off today?

2023-05-15 Thread Bill Cole via mailop
On 2023-05-15 at 13:31:47 UTC-0400 (Mon, 15 May 2023 17:31:47 +) Slavko via mailop is rumored to have said: On 15 May 2023 15:42:14 UTC, user "Taavi Eomäe via mailop" wrote: Here's a complete list of the IPs we've seen exhibit behavior specific to this botnet. If anyone's intere

Re: [mailop] Massive botnet going off today?

2023-05-15 Thread Michael Rathbun via mailop
On Mon, 15 May 2023 17:31:47 +, Slavko via mailop wrote: >Don't worry, you are not alone, ~3000 of them are already in my >MSA's firewall due to AUTH attempts. On average, between 3,000 and 5,000 connection attempts occur per day, at my tiny and shrinking (down to four active users). After all

Re: [mailop] Massive botnet going off today?

2023-05-15 Thread Slavko via mailop
On 15 May 2023 15:42:14 UTC, user "Taavi Eomäe via mailop" wrote: >Here's a complete list of the IPs we've seen exhibit behavior specific to this >botnet. If anyone's interested. Don't worry, you are not alone, ~3000 of them are already in my MSA's firewall due to AUTH attempts. By the S

Re: [mailop] Massive botnet going off today?

2023-05-15 Thread Taavi Eomäe via mailop
Here's a complete list of the IPs we've seen exhibit behavior specific to this botnet. If anyone's interested.

Re: [mailop] Massive botnet going off today?

2023-05-15 Thread Michael Peddemors via mailop
On 2023-05-15 01:16, Taavi Eomäe via mailop wrote: Can confirm seeing a similar botnet in action, ~5000 different IP-addresses, ~400 million attempts and counting. Seems to be trying relatively random and unrelated local part + domain combinations. This also means this botnet is rather trivial

Re: [mailop] Massive botnet going off today?

2023-05-15 Thread Taavi Eomäe via mailop
Can confirm seeing a similar botnet in action, ~5000 different IP-addresses, ~400 million attempts and counting. Seems to be trying relatively random and unrelated local part + domain combinations. This also means this botnet is rather trivial to detect.

Re: [mailop] Massive botnet going off today?

2023-05-14 Thread Michael Peddemors via mailop
On 2023-05-13 12:09, Jarland Donnell via mailop wrote: Curious if anyone else is seeing an event similar to this. Here's the logs of 1 hour on one of our servers, for what I propose to be a botnet: https://clbin.com/4khRA I'm leaving the recipient domains in it becaus

Re: [mailop] Massive botnet going off today?

2023-05-13 Thread Ángel via mailop
On 2023-05-13 at 14:09 -0500, Jarland Donnell wrote: > Curious if anyone else is seeing an event similar to this. Here's the > logs of 1 hour on one of our servers, for what I propose to be a > botnet: https://clbin.com/4khRA > I'm leaving the recipient domains in it because they're not actually >

Re: [mailop] Massive botnet going off today?

2023-05-13 Thread Bill Cole via mailop
On 2023-05-13 at 15:09:50 UTC-0400 (Sat, 13 May 2023 14:09:50 -0500) Jarland Donnell via mailop is rumored to have said: Curious if anyone else is seeing an event similar to this. Inbound SMTP traffic is the median of the past 5 Saturdays through 20:00 UTC on the largest system I wrangle. So

[mailop] Massive botnet going off today?

2023-05-13 Thread Jarland Donnell via mailop
Curious if anyone else is seeing an event similar to this. Here's the logs of 1 hour on one of our servers, for what I propose to be a botnet: https://clbin.com/4khRA I'm leaving the recipient domains in it because they're not actually customer domains. Either they used to be, or they've ha