Re: Anyone Watching Activity from this network? Attempting Dovecot Buffer Overflows?
On Wed, 15 Nov 2023, 23:25 Michael Peddemors, <michael@linuxmagic.com> wrote:
Not sure yet if it is Dovecot, or the SSL libraries they are attempting to break, but using a variety of SSL/TLS methods and connections...
They are not interested in dovecot per se. They scan for TLS vulnerabilities, mostly.
They're running comprehensive port scans, so they're targeting more than just SSL services.
OrgName: Academy of Internet Research Limited Liability Company
OrgId: AIRLL
Address: #A1- 5436
Address: 1110 Nuuanu Ave
City: Honolulu
StateProv: HI
PostalCode: 96817
Country: US
Out of business virtual offices, naturally.
AIRLL also operating out of 195.96.137.0/24.
Joseph Tam <jtam.home@gmail.com>
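To check the subject line's question against your own logs, the following is an added example (not part of any message in this thread) that counts Dovecot login-process lines whose remote address falls in the 195.96.137.0/24 range mentioned above and notes how many ended in a TLS handshake failure. The log lines are constructed, and the `rip=` field layout is an assumption about your Dovecot login log format.

```python
import ipaddress
import re
from collections import defaultdict

# Range named in the thread; add any other networks you want to watch.
WATCHED = [ipaddress.ip_network("195.96.137.0/24")]

# Assumption: login-process lines carry the peer address as "rip=<addr>".
LINE_RE = re.compile(r"dovecot: (?P<svc>[\w-]+-login): .*?\brip=(?P<rip>[0-9A-Fa-f:.]+)")
TLS_FAIL_RE = re.compile(r"TLS handshaking|SSL_accept\(\) failed")

# Constructed sample log lines (not taken from the thread or a real server).
SAMPLE_LOG = """\
Nov 15 23:01:02 mx dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=195.96.137.5, lip=192.0.2.10, TLS handshaking: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher, session=<a1>
Nov 15 23:01:03 mx dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=195.96.137.5, lip=192.0.2.10, TLS handshaking: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher, session=<b2>
Nov 15 23:02:10 mx dovecot: imap-login: Disconnected (no auth attempts in 2 secs): user=<>, rip=195.96.137.77, lip=192.0.2.10, TLS, session=<c3>
Nov 15 23:05:00 mx dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, mpid=4242, TLS, session=<d4>
Nov 15 23:06:40 mx dovecot: imap(alice)<4242><d4>: Disconnected: Logged out in=50 out=512
"""


def summarize(log_text, networks=WATCHED):
    """Per watched source address: line count, TLS handshake failures, services hit."""
    hits = defaultdict(lambda: {"lines": 0, "tls_failures": 0, "services": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a login-process line
        try:
            rip = ipaddress.ip_address(m.group("rip"))
        except ValueError:
            continue  # malformed address field; skip it
        if not any(rip in net for net in networks):
            continue
        entry = hits[str(rip)]
        entry["lines"] += 1
        entry["services"].add(m.group("svc"))
        if TLS_FAIL_RE.search(line):
            entry["tls_failures"] += 1
    return dict(hits)


if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE_LOG).items()):
        print(src, info["lines"], info["tls_failures"], sorted(info["services"]))
```

A source that shows up across several login services with nothing but handshake failures matches the scanning pattern the thread describes, as opposed to a client that simply failed to authenticate.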
Any traffic that is not your client's is unwanted. I have never ever had some scanning company call me, saying 'here you have 100 US$ because we used your data' or 'here are some tips to configure this better'. If someone is scanning you, it is always to their advantage, not yours; no Santa Clauses on the internet ;)
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Actually, there are. The Dutch Institute for Vulnerability Disclosure (https://www.divd.nl/) for instance. They scan the internet for known vulnerabilities and contact vulnerable companies to notify them. To ease their work they have strongly promoted the use of security.txt (https://datatracker.ietf.org/doc/html/rfc9116) which is now mandatory for government in the Netherlands.
It is completely run by volunteers, purely with the aim to make the internet safer. Don't know if any of the volunteers is called Claus, but you can call them saints :).
Regards.
participants (3)
- J. de Meijer
- Joseph Tam
- Marc