by LinuxBender 699 days ago
I see IPs from the same subnet in a couple of blocklists.

    blocklist_de.ipset:146.152.233.43
    blocklist_de_ssh.ipset:146.152.233.43
    firehol_level2.netset:146.152.233.43
From this repo [1]

That would suggest end-users have some way to control them, though usually for spam.

Did you happen to by chance capture any of the individual packets in tcpdump verbose mode? e.g.

    tcpdump -p --dont-verify-checksums -i any -NNnnttvvv -B16384 -s0 -c 512 not port 22 -w /dev/shm/dos.cap
Command decoded: not promiscuous, checksums are useless computation here, all interfaces, disable resolving names, ports, services, use epoch time, very verbose, 16k buffer despite CPU likely being our bottleneck, full packet, 512 packets, not port 22 ssh, save to a file in a ramdisk

Did you reach out to the person listed here? [2] Try that phone number in a few hours. Be polite and just give them the facts so they don't get defensive. If they don't answer try email.

[1] - https://github.com/firehol/blocklist-ipsets.git

[2] - https://bgp.he.net/AS4983#_whois
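
An added example, not part of the original comment: the lookup above matches the literal address string, which finds it in `.ipset` files but cannot find an address that a `.netset` file covers only through a CIDR entry. This sketch does the membership test properly; the function names and the sample list contents are constructed for illustration, and it assumes a local clone of the repo [1] when a directory is given.

```python
"""Added example: check one IP against FireHOL-style .ipset/.netset lists."""
import ipaddress
import sys
from pathlib import Path

# Constructed sample lists (documentation address ranges, not real list data).
SAMPLE_LISTS = {
    "sample_ssh.ipset": "# constructed header\n203.0.113.9\n198.51.100.200\n",
    "sample_level2.netset": "# constructed header\n198.51.100.0/24\n203.0.113.9\n",
}

def parse_entries(text):
    """Yield networks from list text; '#' comments and bad lines are skipped."""
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            yield ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue

def lists_containing(ip, lists):
    """Return sorted names of lists with an entry that covers `ip`."""
    addr = ipaddress.ip_address(ip)
    return sorted(
        name for name, text in lists.items()
        if any(net.version == addr.version and addr in net
               for net in parse_entries(text))
    )

def load_repo(path):
    """Read every *.ipset and *.netset file in a local clone of the repo."""
    root = Path(path)
    files = sorted(root.glob("*.ipset")) + sorted(root.glob("*.netset"))
    return {p.name: p.read_text(errors="replace") for p in files}

if __name__ == "__main__":
    # Usage: script.py IP [CLONE_DIR]; without CLONE_DIR the sample data is used.
    lists = load_repo(sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_LISTS
    ip = sys.argv[1] if len(sys.argv) > 1 else "198.51.100.77"
    for name in lists_containing(ip, lists):
        print(f"{name}:{ip}")
```

The output uses the same `file:address` shape as the grep-style listing in the comment, so results can be compared side by side.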

1 comments

Thanks, I emailed a few email addresses @intel.com because my oral English is so bad, so I don't want to call. But you know, those kinds of emails usually fall on deaf ears.