I chuckle the most at the original twitter post from Greynoise :
"We have revoked the benign tag for OpenPortStats[.]com"
Did anyone actually think such a thing would be legitimate to start with?
:)
On Mon, Jun 24, 2019 at 12:26 AM Hank Nussbacher
wrote:
> On 24/06/2019 00:23, Randy Bush wrote
On 24/06/2019 00:23, Randy Bush wrote:
e.g. i am aware of researchers scanning to see patching spread and
trying to make a conext paper dreadline this week or infocom next month.
hard to tell the sheep from the goats and the wolf from the sheep. i
get the appended. sheep or wholf? i sure do n
Hi Brad,
On Sun, Jun 23, 2019 at 09:43:00PM +, Brad via NANOG wrote:
> On Friday, June 21, 2019 6:13 PM, Ronald F. Guilmette
> wrote:
>
> > https://twitter.com/GreyNoiseIO/status/1129017971135995904
> > https://twitter.com/JayTHL/status/1128718224965685248
>
> After forwarding these links
On Sun, 23 Jun 2019, Randy Bush wrote:
It's just a port/vulnerability scanner, I really don't see anything
special about this particular case.
they are pushing exploits. trying to RCE, wget a binary, chmod 777 on
routers and rm -rf files.
this goes way beyond scanner and into criminal trespass
See inline responses...
‐‐‐ Original Message ‐‐‐
On Friday, June 21, 2019 6:13 PM, Ronald F. Guilmette
wrote:
> https://twitter.com/GreyNoiseIO/status/1129017971135995904
> https://twitter.com/JayTHL/status/1128718224965685248
After forwarding these links to a sanitized client on anot
>> It's just a port/vulnerability scanner, I really don't see anything
>> special about this particular case.
>
> they are pushing exploits. trying to RCE, wget a binary, chmod 777 on
> routers and rm -rf files.
>
> this goes way beyond scanner and into criminal trespass and
> destruction of prop
On Sat, 22 Jun 2019, Filip Hruska wrote:
It's just a port/vulnerability scanner, I really don't see anything special
about this particular case.
they are pushing exploits. trying to RCE, wget a binary, chmod 777 on
routers and rm -rf files.
this goes way beyond scanner and into criminal tres
On Fri, Jun 21, 2019 at 05:13:35PM -0700, Ronald F. Guilmette wrote:
> Is there anybody on this list who keeps firewall logs and who
> DOESN'T have numerous hits recorded therein from one or more
> of the following IP addresses?
Well, I *did*, but having noticed their activities and grown tired of
In message ,
"Keith Medcalf" wrote:
>On Friday, 21 June, 2019 18:14, Ronald F. Guilmette com> wrote:
>
>>https://twitter.com/GreyNoiseIO/status/1129017971135995904
>>https://twitter.com/JayTHL/status/1128718224965685248
>
>Sorry, don't twitter ... Too much malicious JavaScript there.
C
Hello,
On Sat, Jun 22, 2019 at 11:01:13AM -0600, Keith Medcalf wrote:
> What malware slinging?
Some user there is trying to exploit CVE-2018-10149:
2019-06-11 11:28:35 SMTP protocol synchronization error (next input sent too
soon: pipelining was not advertised): rejected "RCPT
TO:"
H=(myhostn
On 6/22/19 2:13 AM, Ronald F. Guilmette wrote:
https://twitter.com/GreyNoiseIO/status/1129017971135995904
https://twitter.com/JayTHL/status/1128718224965685248
Friday Questionaire:
Is there anybody on this list who keeps firewall logs and who
DOESN'T have numerous hits recorded there
AS202425 = AS29073. Formerly known as Quasi Networks / Ecatel. See previous
NANOG thread here:
https://mailman.nanog.org/pipermail/nanog/2017-August/091956.html
On Sat, Jun 22, 2019 at 10:03 AM Keith Medcalf wrote:
> On Friday, 21 June, 2019 18:14, Ronald F. Guilmette
> wrote:
>
> >https:/
On Friday, 21 June, 2019 18:14, Ronald F. Guilmette
wrote:
>https://twitter.com/GreyNoiseIO/status/1129017971135995904
>https://twitter.com/JayTHL/status/1128718224965685248
Sorry, don't twitter ... Too much malicious JavaScript there.
>Friday Questionaire:
>Is there anybody on this
13 matches
Mail list logo
