Observation: with the beginning of the war against Iran, botnets more or less stopped attacking my mailserver.
-
Observation: with the beginning of the war against Iran, botnets more or less stopped attacking my mailserver. From typically 300–500 IP addresses per day, it has now been fewer than 5 for a week. This indicates that maybe quite a few C&C (Command and Control) servers were operating from Iranian IP addresses and fell victim to the internet shutdown there.
-
@jwildeboer @homelab oh, that’s interesting.
Any idea why?
-
@jwildeboer @homelab Or they have been reassigned to other tasks
-
@homelab The attacking IP addresses were always from many countries, with a bit of clustering in the US, China and Indo-Pacific countries. These botnets mostly use malware-infected domestic devices. They do get their targets from the C&C servers and these seem to have gone quiet.
-
@jwildeboer @homelab
Another possibility: They now have more specific targets which are not your servers?
-
@unixwitch Sure, also possible. The attacks have been ongoing for more than 3 years. The timing of them giving up on my machine may be a coincidence. I share my observation in the hope that other people may confirm similar things in their logs. @homelab