Lots of attacks coming from this block; I'm only seeing non-SMTP attacks,
however.
Things like attempted SMB break-ins, telnet password probing (likely
IoT), VoIP attacks, a variety of botnets.
This could be a badly infected netblock or a dynamic segment with no
method to prevent IP hopping.
Hello!
On Thu, 9 Jul 2020, Benoit Panizzon via mailop wrote:
Range, 192.241.227.0/24
One connect each on Thu, Sat, Sun, and Mon. Did EHLO after banner, then
closed the connection.
116 connections between 27. June and 1. July to my spamtrap / honeypot,
mostly sending "EHLO zg-0626-127" and
> >Range, 192.241.227.0/24
>
> One connect each on Thu, Sat, Sun, and Mon. Did EHLO after banner, then
> closed the connection.
116 connections between 27. June and 1. July to my spamtrap / honeypot,
mostly sending "EHLO zg-0626-127" and then disconnecting.
Kind regards
-Benoî
On Tue, 7 Jul 2020 16:45:24 -0700, Michael Peddemors via mailop
wrote:
>Very High volume SMTP Auth type attacks, but either a broken bot, or an
>attempt at Denial of Service..
>
>Range, 192.241.227.0/24
One connect each on Thu, Sat, Sun, and Mon. Did EHLO after banner, then
closed the connect
Very High volume SMTP Auth type attacks, but either a broken bot, or an
attempt at Denial of Service..
Range, 192.241.227.0/24
Naming Convention: zg-0626-70.stretchoid.com
It's a 'fast talker' attack, sending EHLO before waiting for the CONNECT
string..
Just in case anyone else is encounter
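
The "fast talker" behaviour described in the thread (EHLO sent before the server's greeting) can be detected by holding the banner briefly and checking whether the client speaks first. The following is an added example, not code from any poster in this thread; the hostname, the 554 reply text, and the function names are assumptions.

```python
import select
import socket

BANNER = b"220 mx.example.test ESMTP\r\n"  # constructed hostname (assumption)
REJECT = b"554 5.5.1 Protocol error: spoke before greeting\r\n"  # illustrative reply


def pregreet_check(conn, delay=1.0):
    """Hold the banner for `delay` seconds; return (talked_early, data).

    A client that sends anything before it has seen the 220 banner is a
    'fast talker'. Well-behaved SMTP clients wait for the greeting.
    """
    readable, _, _ = select.select([conn], [], [], delay)
    if readable:
        data = conn.recv(512)
        if data:
            # Client spoke before the greeting: reject instead of greeting.
            conn.sendall(REJECT)
            return True, data
        return False, b""  # peer closed without sending anything
    conn.sendall(BANNER)  # client waited, so greet normally
    return False, b""


def demo():
    """Run both cases over local socket pairs (no network needed)."""
    results = {}
    # Case 1: constructed fast talker, EHLO sent before any banner.
    server, client = socket.socketpair()
    client.sendall(b"EHLO zg-0626-127\r\n")
    results["fast"] = pregreet_check(server, delay=0.2)
    results["fast_reply"] = client.recv(512)
    server.close()
    client.close()
    # Case 2: client that stays silent until it has the banner.
    server, client = socket.socketpair()
    results["polite"] = pregreet_check(server, delay=0.2)
    results["polite_reply"] = client.recv(512)
    server.close()
    client.close()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Logging the early data together with the peer address makes it possible to group such connections by EHLO name and netblock, as the posters above did by hand.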