China, Vietnam and others in the same region are the no. 1 source of hack attempts...
Been seeing A LOT of hack attempts coming from those sources the last 5 years or so on all
networks I manage for customers.

Ruben - ON3RVH

> On 20 Apr 2017, at 16:54, Marc Williams <monsieurmarc(a)btinternet.com> wrote:
>
> My relatively new GW is at 86.146.55.101. I am keen to know what rules to apply when
> it's agreed on. As it is, I have blocked all China IPs as I was getting A LOT of
> connection attempts.
> Marc
>
> On Thursday, 20 April 2017, 15:48, Brian Kantor <Brian(a)UCSD.Edu> wrote:
>
> In analyzing the log, it's pretty clear that before I started filtering
> these packets out, amprgw was being used to attack hosts all over the
> Internet from a huge list of spoofed packet outer source addresses.
>
> New firewall rules require that incoming proto-4 packets have to have an
> outer source address of one of the registered gateways, and forwarding
> rules require the inner source address to be on network 44 and on the
> list of registered hosts. This should help some.
>
> Given those rules, the following gateways have been attempting to
> send encap packets with non-44 inner source addresses:
>
> If people who operate these gateways could look into why they're doing
> this it would be appreciated.
> - Brian
>
>> On Thu, Apr 20, 2017 at 05:50:41AM +0000, R P wrote:
>> May you provide a list of all these gateways you see, so that their maintainers
>> will be aware and fix the problem?
>> I hope one of them is not mine ....
>
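
Added example, not part of the original thread and not the actual amprgw rule set: a Python sketch of the two checks Brian describes for proto-4 packets (outer source must be a registered gateway; inner source must be on network 44 and on the registered host list). It assumes "network 44" means 44.0.0.0/8; the gateway and host lists, sample addresses and verdict names are constructed for illustration.

```python
import ipaddress
import struct

NET44 = ipaddress.ip_network("44.0.0.0/8")  # "network 44" taken as 44.0.0.0/8 (assumption)
IPIP = 4                                     # IP protocol number 4: IPv4-in-IPv4 encapsulation

def build_ipv4(src, dst, proto, payload=b""):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

def parse_ipv4(buf):
    """Return (src, proto, payload), or None when the header is truncated or not IPv4."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        return None
    return ipaddress.ip_address(bytes(buf[12:16])), buf[9], buf[ihl:]

def check_encap(packet, gateways, hosts):
    """Apply the outer-source rule, then the two inner-source rules, to one packet."""
    outer = parse_ipv4(packet)
    if outer is None:
        return "drop-malformed"
    outer_src, proto, payload = outer
    if proto != IPIP:
        return "skip"                    # not an encap packet; these rules do not apply
    if outer_src not in gateways:
        return "drop-outer"              # outer source is not a registered gateway
    inner = parse_ipv4(payload)
    if inner is None:
        return "drop-malformed"          # encap payload too short to hold an IPv4 header
    inner_src = inner[0]
    if inner_src not in NET44:
        return "drop-inner-net"          # inner source is not on network 44
    if inner_src not in hosts:
        return "drop-inner-host"         # on network 44 but not a registered host
    return "forward"

# Constructed sample data: a documentation-range gateway and a made-up 44.x host.
GATEWAYS = {ipaddress.ip_address("192.0.2.10")}
HOSTS = {ipaddress.ip_address("44.0.0.10")}

def demo():
    inner = lambda src: build_ipv4(src, "198.51.100.7", 17, b"data")
    cases = {"ok": ("192.0.2.10", "44.0.0.10"), "spoofed-outer": ("203.0.113.5", "44.0.0.10"),
             "non-44-inner": ("192.0.2.10", "10.1.2.3"), "unlisted-44": ("192.0.2.10", "44.0.0.99")}
    return {name: check_encap(build_ipv4(o, "192.0.2.1", IPIP, inner(i)), GATEWAYS, HOSTS)
            for name, (o, i) in cases.items()}
```

The "non-44-inner" case is the behaviour reported for the listed gateways: a registered outer address carrying an inner source that is not on network 44.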