|
I0OJJ > JNOS2 09.12.20 15:12z 93 Lines 3149 Bytes #999 (0) @ WW
BID : 2Z0A_I0OJJ
Read: GUEST
Subj: Re: new release DOS ATTACK
Path: SR1BSZ<EA2RCF<ZL2BAU<W9ABA<N9PMO<VE3UIL<VE2PKT<VE3CGR<I0OJJ
Sent: 201209/1504z @:I0OJJ.ITA.EU [Rome] $:2Z0A_I0OJJ
>From i0ojj@i0ojj.ampr.org Wed Dec 9 16:04:41 2020
Received: from ir0rm-7.ampr.org by i0ojj.ampr.org (JNOS2.0m.5f) with SMTP
id AA138682 ; Wed, 09 Dec 2020 16:04:41 +0100
References: <48112G4APL@i0ojj.bbs>
>From: Gustavo Ponza <i0ojj@i0ojj.ampr.org>
Organization: SICD Rome
Message-ID: <2549f12d-2f9e-1fcd-16ea-35961c80ddbc@i0ojj.ampr.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:78.0) Gecko/20100101
Thunderbird/78.5.1
MIME-Version: 1.0
In-Reply-To: <48112G4APL@i0ojj.bbs>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Hi,
On 12/9/20 11:16 AM, g4apl@gb7cip.#32.gbr.euro wrote:
> R:201209/1019z @:I0OJJ.ITA.EU $:48112G4APL
> R:201209/1019z @:I3XTY.TV.IVEN.ITA.EU $:48112G4APL
> R:201209/1019z @:IZ3LSV.IVEN.ITA.EU $:48112G4APL
> R:201209/1019z @:IK5FKA.#FI.ITOS.ITA.EU $:48112G4APL
> R:201209/1018Z 19656@IK5FKA.ITOS.ITA.EU LinBPQ6.0.19
> R:201209/1018Z 29440@PE1RRR.#NBW.NLD.EURO LinBPQ6.0.20
> R:201209/1018Z 3698@PY2BIL.SP.BRA.SOAM LinBPQ6.0.20
> R:201209/1018Z 560@OK2PEN.SP.BRA.SOAM [Sao Jose dos Campos] $:48112G4APL
> R:201209/1017Z @:GB7CIP.#32.GBR.EURO #:15339 [Caterham Surrey GBR] $:48112G4APL
> R:201209/1016Z @:GB7CIP.#32.GBR.EURO [Caterham, IO91WH] Linux mailgw-0.3.1.8
> R:201209/1016Z @:GB7CIP.#32.GBR.EURO $:48112G4APL
> T:From: Paul Lewis <g4apl@gb7cip.ampr.org>
> T:Newsgroups: ampr.ip.jnos
> T:Message-Id: <rqq75c$4ds$1@gb7cip.ampr.org>
>
> i0ojj%i0ojj.ita.eu@gb7cip.ampr.org wrote:
>> >From i0ojj%i0ojj.ita.eu@n2nov.ampr.org Sat Dec 5 15:33:39 2020
>> Received: from n2nov.ampr.org by n2nov.ampr.org (JNOS2.0m.5D) with SMTP
>> id AA179843 ; Sat, 05 Dec 2020 15:33:39 EST
>> Message-Id: <2YTQ_I0OJJ@VE3CGR.bbs>
>
> GB7CIP over the past 36 hours is 'being attacked'
> with a Denial Of Service attack to it's
> protocol 93 axip Interface
> Seen from the following system 8 December
> VE4KLM
> VK7AX
> N2NOX
>
> that have direct Internet links to gb7cip.ampr.org
>
> These links will be dropped
> Currently just seeing VE4KLM 9 December still hammering away..!!
>
> as getting hundreds of connections per minute and
> not connecting
> as seen by the real time network monitoring.
> Other systems linking over the same interface
> are performing correctly
>
> Suggest these systems monitor your outgoing interfaces..
> when you update your software.
>
>
> 73 de Paul G4APL Network Security officer gb7cip
As of this last months, the evil/nasty activities have ceased
in my facilities.
The following guidelines apply:
- setup of axip links ONLY via 44net IP numbers:
- setup of axudp links EXCLUSIVELY for other public IPs;
- use the latest linux versions:
- use the lastest apps/tools/libs for AX.25:
- use the NetRom/INP3/Flexnet/...
- use the state-of-art programs;
- etc.
The introduction of MFA feature deployed by JNOS2 is a very
good weapon to DEFINITIVELY defeat the harmful telnet attacks.
So it is fully recommended the abandon of all softwares and
ancient programs... and learn the linux technology as a router
and network server, and so on.
good luck!
--
73 and ciao, gustavo i0ojj/ir0aab/ir0eq
non multa, sed multum
Read previous mail | Read next mail
| |