
Re: random usernames in attempts to break in to my machine?



On Monday, 4 April 2022 10:27:09 EDT Teemu Likonen wrote:
> * 2022-04-04 07:40:47-0600, Joe Pfeiffer wrote:
> > This isn't really debian-specific, but I don't know a better place to
> > ask... recently, I've been having servers make a large number of
> > attempts to access my mail host using what appear to be random
> > strings
> > as usernames -- it looks like this:
> > 
> > They all have the same form: <something
> > random>.fsf@pfeifferfamily.net
> 
> That pattern is the Message-ID field generated by Emacs message-mode
> (or some component under it). Just look at your or my message's
> Message-ID field.
> 
> > So, anybody have any ideas what's up here?
> 
> I would guess that someone has tried to automatically collect a lot of
> email addresses and ended up getting also those message id's. Then an
> attacker tries to intrude with those addresses.
> 
> --
> /// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/
> // OpenPGP: 6965F03973F0D4CA22B9410F0F2CAE0E07608462

I'd be watching the logs for the src address, and the 2nd time I saw the 
same address, add it to my iptables drop recipe. Voila! Your server no 
longer responds to those addresses. As far as that address is concerned, 
your server is no longer visible.

Cheers, Gene Heskett.
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
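One way to automate the log-watching Gene describes, as an added example that is not part of the thread: count failed logins whose username has the Emacs Message-ID shape (<something>.fsf@domain) per source address, and emit an iptables DROP rule for any address seen twice. The Dovecot-style log lines, the two-hit threshold and the exact iptables command are assumptions, and the rules are printed rather than executed.

```python
import re
from collections import Counter

# Constructed sample lines in a Dovecot-like format; not taken from the original post.
SAMPLE_LOG = """\
Apr  4 07:40:47 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<87tu9vq1c.fsf@pfeifferfamily.net>, rip=192.0.2.10, lip=203.0.113.5
Apr  4 07:40:49 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<k2rp8xw1.fsf@pfeifferfamily.net>, rip=192.0.2.10, lip=203.0.113.5
Apr  4 07:41:02 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<y8qa0d.fsf@pfeifferfamily.net>, rip=198.51.100.7, lip=203.0.113.5
Apr  4 07:41:30 mail dovecot: imap-login: Login: user=<joe>, method=PLAIN, rip=192.0.2.200, lip=203.0.113.5
Apr  4 07:42:11 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<joe>, rip=192.0.2.200, lip=203.0.113.5
"""

# A failed login whose username looks like an Emacs-style Message-ID
# (<random>.fsf@domain); capture the remote address from the rip= field.
FAILED_MSGID_USER = re.compile(
    r"auth failed.*user=<[^>@]+\.fsf@[^>]+>.*rip=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def offenders(log_lines, threshold=2):
    """Source IPs seen at least `threshold` times (assumed default: 2) trying
    Message-ID-shaped usernames. Ordinary failed logins (user=<joe>) are ignored."""
    counts = Counter()
    for line in log_lines:
        m = FAILED_MSGID_USER.search(line)
        if m:
            counts[m.group("ip")] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def drop_rules(ips):
    """Render one iptables DROP rule per offending address (returned as text, not run)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


if __name__ == "__main__":
    for rule in drop_rules(offenders(SAMPLE_LOG.splitlines())):
        print(rule)
```

Feed it real log lines (e.g. from /var/log/mail.log) and review the output before applying any rule, since a shared or NATed address would be blocked wholesale.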