similar to: Being attacked by an Amazon EC2 ...

Just idly watching * in console mode and saw that someone from 50.49.54.102 tried to register with my *. whois gives:- OrgName: Internet Assigned Numbers Authority OrgID: IANA Address: 4676 Admiralty Way, Suite 330 City: Marina del Rey StateProv: CA PostalCode: 90292-6695 Country: US NetRange: 50.0.0.0 - 50.255.255.255 CIDR: 50.0.0.0/8 NetName: RESERVED-50

This morning someone tried to make sip call through my Asterisk. My server just drop these calls and record them in CDR with IP address: 2012-11-28 06:30:51 SIP/216... 1000 "1000" <1000> Hangup 999011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239 2. 2012-11-28 06:30:49 SIP/216... 1000 "1000" <1000> Hangup 88011972592249388 ANSWERED 00:01 Hacker:

I've been getting a lot of timeouts on non-critical invite transactions. I turned on sip debug. They were the result of SIP invites like this: Retransmitting #10 (NAT) to 185.107.94.10:13057: SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 215.45.145.211:5060;branch=z9hG4bK-524287-1---zg4cfkl50hpwpv4p;received=185.107.94.10;rport=13057 From:

>>> Perhaps if there was a Asterisk RBL we could all contribute to; for >>> which we could then hook into and drop any connection where a >>> source IP is listed ? -- Thanks, Phil >>> >> >> I love the idea of a RBL... count me in for contributing. >> >> Especially considering the ridiculous response I received from >> Amazon.

On Fri, 2019-11-22 at 10:55 -0500, Stephen John Smoogen wrote: > [smooge at smoogen-laptop ~]$ host -t MX smtp-relay.gmail.com.com > smtp-relay.gmail.com.com mail is handled by 10 mx203.inbound-mx.org. > smtp-relay.gmail.com.com mail is handled by 10 mx203.inbound-mx.net. .w smtp-relay.gmail.com.com smtp-relay.gmail.com.com has address 79.124.78.105 smtp-relay.gmail.com.com has address

i have been noticing a short connection burst in system monitor every time i connect to internet. i got curious and decided to run wireshark to see what was happening. seems that i am connecting to 96.195.141.178 with destination of "PartedMagic". this seemed strange because i do not have PartedMagic installed, so i ran a 'whois' check. this is what it showed: IP Location

Greetings, I am using R version 2.11.1 on a Dell computer, via a VMware connection to a remote server. My browser version is IE 8.0.6001.18702 and the OS is some corporate version of Microsoft XP. I'm trying to learn more about the tapply function , so I typed ?tapply into the command line. This opened up a browser window with url http://127.0.0.1:28138/library/base/html/tapply.html which is

Am 02.03.2015 um 10:06 schrieb Steffen Kaiser: > If such plugin(?) is available, I would expect immediate complains, it > does not support: > > + local file lists with various sets of syntaxes > + RBLs with a fine grained response matching > + use the same RBL response for multiple match-action pairs or it could work just with no config, unconditional and in front of any

Hi, I'm managing several mail servers running CentOS 7, Postfix and Dovecot. SpamAssassin is filtering mail nicely, but I'm considering using RBL (blacklists) to take some load off the servers. General question to those of you who use RBL. Which lists do you recommend using? Cheers, Niki -- Microlinux - Solutions informatiques durables 7, place de l'?glise - 30730 Montpezat Site :

I wonder if there is an easy way to provide dovecot a flat text file of ipv4 #'s which should be ignored or dropped? I have accumulated 45,000+ IPs which routinely try dictionary and 12345678 password attempts. The file is too big to create firewall drops, and I don't want to compile with wrappers *if* dovecot has an easy ability to do this. If dovecot could parse a flat text file of

Hi i want to fetchmail from a pop server and check every email to any rbl spamhaus,spamcop,etc and if match at any rbl the email will be deleted. It's possible to do this? Thanks Nightduke

On 03/03/2015 11:03 PM, Earl Killian wrote: > On 2015/3/2 10:03, Reindl Harald wrote: >> >> that is all nice >> >> but the main benefit of RBL's is always ignored: >> >> * centralized >> * no log parsing at all >> * honeypot data are "delivered" to any host >> * it's cheap >> * it's easy to maintain >> * it

Am 02.03.2015 um 18:56 schrieb Robert Schetterer: > perhaps and i mean really "perhaps" go this way > > https://sys4.de/de/blog/2014/03/27/fighting-smtp-auth-brute-force-attacks/ > > https://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/ > > 45K+ IPs will work in a recent table > i have them too but for smtp only like > >

Hi all, Just out of curiosity: is there anything we can do, on the samba side, to counter the recent ransomware attacks? (or limit the damage done) I'm thinking like: limit the number of files per second a client (workstation) is allowed to edit, or some other smart tricks..? It would be nice if samba could be an extra layer of defense. Something perhaps a vfs module could help with..?

The mailing list is now open to outside posters again. We haven't been spammed in the last month or so since the list was closed. If anyone can suggest a way to use the MAPS RBL with Postfix and Majordomo (without turning it on the whole server), it would be much appreciated. -d -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller -

I realize this is slightly off topic, but I've noticed recently that I've been unable to preform RBL lookups using the the zen and sbl spamhaus RBL lists. Currently using Zimbra Collaboration Suite using CentOS 5 I'm seeing logs showing the following output. [root at phantom ~]# cat /var/log/zimbra.log | grep spamhaus Jul 18 13:07:12 phantom postfix/smtpd[27001]: warning:

On 03/04/2015 05:03 AM, Earl Killian wrote: > I would like to reiterate Reindl Harald's point above, since subsequent > discussion has gotten away from it. If Dovecot had DNS RBL support > similar to Postfix, I think quite a few people would use it, and thereby > defeat the scanners far more effectively than any other method. It is > good that other people are suggesting things

I would like to have a list of IPs (hacker list) that I can do a lookup on so that if anyone tries to authenticate to dovecot they always fail if they are on my list. I have the list - and the list is available as a DNS blacklist. I'd like to have it work with both local IP lists or RBL lookup. The idea is so hackers from known IP addresses never succeed. If Dovecot provides the feature

You Guys/Gals just Flat out RULE !!!! -jason

Hy guys i am having so much hard time to setup asterisk on a virtual machine that i got , i just want to know if i really need to use Dahdi and libpri on a complete Digital PBX i just gonna use sip and iax. I will never use any kind of analog line on this machine. Wait for a feed back. Daniel Abreu.