OpenBCM V1.07b12 (Linux)

Packet Radio Mailbox

SR1BSZ

[Szczecin_PL JO73GK]

G4APL  > JNOS     09.12.20 16:39z 100 Lines 3621 Bytes #999 (0) @ WW
BID : 60498G4APL
Read: GUEST
Subj: Re: new release DOS ATTACK
Path: SR1BSZ<SV1CMG<ON0AR<DB0RES<DB0ERF<IZ3LSV<IK5FKA<IK5FKA<PE1RRR<PY2BIL<
      OK2PEN<GB7CIP<GB7CIP<GB7CIP
Sent: 201209/1636Z @:GB7CIP.#32.GBR.EURO $:60498G4APL

T:From: Paul Lewis <g4apl@gb7cip.ampr.org>
T:Newsgroups: ampr.ip.jnos
T:Message-Id: <rqqud4$s1s$1@gb7cip.ampr.org>

i0ojj%i0ojj.ita.eu@gb7cip.ampr.org wrote:
>>From i0ojj@i0ojj.ampr.org Wed Dec  9 16:04:41 2020
> Received: from ir0rm-7.ampr.org by i0ojj.ampr.org (JNOS2.0m.5f) with SMTP
>        id AA138682 ; Wed, 09 Dec 2020 16:04:41 +0100
> References: <48112G4APL@i0ojj.bbs>
>>From: Gustavo Ponza <i0ojj@i0ojj.ampr.org>
> Organization: SICD Rome
> Message-ID: <2549f12d-2f9e-1fcd-16ea-35961c80ddbc@i0ojj.ampr.org>
> User-Agent: Mozilla/5.0 (X11; Linux i686; rv:78.0) Gecko/20100101
> Thunderbird/78.5.1
> MIME-Version: 1.0
> In-Reply-To: <48112G4APL@i0ojj.bbs>
> Content-Type: text/plain; charset=utf-8; format=flowed
> Content-Language: en-US
> Content-Transfer-Encoding: 7bit
> 
> Hi,
> 
> On 12/9/20 11:16 AM, g4apl@gb7cip.#32.gbr.euro wrote:
>> R:201209/1019z @:I0OJJ.ITA.EU $:48112G4APL
>> R:201209/1019z @:I3XTY.TV.IVEN.ITA.EU $:48112G4APL
>> R:201209/1019z @:IZ3LSV.IVEN.ITA.EU $:48112G4APL
>> R:201209/1019z @:IK5FKA.#FI.ITOS.ITA.EU $:48112G4APL
>> R:201209/1018Z 19656@IK5FKA.ITOS.ITA.EU LinBPQ6.0.19
>> R:201209/1018Z 29440@PE1RRR.#NBW.NLD.EURO LinBPQ6.0.20
>> R:201209/1018Z 3698@PY2BIL.SP.BRA.SOAM LinBPQ6.0.20
>> R:201209/1018Z 560@OK2PEN.SP.BRA.SOAM [Sao Jose dos Campos] $:48112G4APL
>> R:201209/1017Z @:GB7CIP.#32.GBR.EURO #:15339 [Caterham Surrey GBR] $:48112G4APL
>> R:201209/1016Z @:GB7CIP.#32.GBR.EURO [Caterham, IO91WH] Linux mailgw-0.3.1.8
>> R:201209/1016Z @:GB7CIP.#32.GBR.EURO $:48112G4APL
>> T:From: Paul Lewis <g4apl@gb7cip.ampr.org>
>> T:Newsgroups: ampr.ip.jnos
>> T:Message-Id: <rqq75c$4ds$1@gb7cip.ampr.org>
>> 
>> i0ojj%i0ojj.ita.eu@gb7cip.ampr.org wrote:
>>> >From i0ojj%i0ojj.ita.eu@n2nov.ampr.org Sat Dec  5 15:33:39 2020
>>> Received: from n2nov.ampr.org by n2nov.ampr.org (JNOS2.0m.5D) with SMTP
>>>         id AA179843 ; Sat, 05 Dec 2020 15:33:39 EST
>>> Message-Id: <2YTQ_I0OJJ@VE3CGR.bbs>
>> 
>> GB7CIP over the past 36 hours is 'being attacked'
>> with a Denial Of Service attack to its
>> protocol 93 axip Interface
>> Seen from the following system 8 December
>> VE4KLM
>> VK7AX
>> N2NOX
>> 
>> that have direct Internet links to gb7cip.ampr.org
>> 
>> These links will be dropped
>> Currently just seeing VE4KLM  9 December still hammering away..!!
>> 
>> as getting hundreds of connections per minute and
>> not connecting
>> as seen by the real time network monitoring.
>> Other systems linking over the same interface
>> are performing correctly
>> 
>> Suggest these systems monitor your outgoing interfaces..
>> when you update your software.
>> 
>> 
>> 73 de Paul G4APL Network Security officer gb7cip
> 
> 
> As of these last months, the evil/nasty activities have ceased
> in my facilities.
> 
> The following guidelines apply:
> 
> - setup of axip links ONLY via 44net IP numbers:
> - setup of axudp links EXCLUSIVELY for other public IPs;
> - use the latest linux versions:
> - use the latest apps/tools/libs for AX.25:
> - use the NetRom/INP3/Flexnet/...
> - use the state-of-art programs;
> - etc.
> 
> The introduction of MFA feature deployed by JNOS2 is a very
> good weapon to DEFINITIVELY defeat the harmful telnet attacks.
> 
> So it is fully recommended the abandon of all software and
> ancient programs... and learn the linux technology as a router
> and network server, and so on.
> 
> good luck!
> 
Yes, I have been following those guidelines for a very long time.
Run a deny all in and out to start off with.
73 de Paul 

-- 
amprnet g4apl@gb7cip.ampr.org ax25 g4apl@gb7cip.#32.gbr.euro
amprnet http://gb7cip.ampr.org Inet http://www.theskywaves.net
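
Added example, not part of the original messages and not either poster's configuration: a shell sketch of the "deny all in and out" starting point combined with the quoted axip/axudp guidelines, emitting an iptables-restore ruleset from a peer list. The callsigns, addresses and UDP port are constructed, and the 44net range check and the reading that axip peers must have 44net addresses are assumptions.

```shell
#!/bin/sh
# Added example: turn a peer list into a default-deny iptables-restore ruleset.
# Peer lines are CALLSIGN TRANSPORT ADDRESS [UDP_PORT]; all values are constructed.
PEERS='N0CALL-1 axip  44.128.0.10
N0CALL-2 axudp 192.0.2.20 10093
N0CALL-3 axip  198.51.100.7'

# Assumption: "44net" means 44.0.0.0/9 plus 44.128.0.0/10,
# i.e. first octet 44 and second octet below 192.
in_44net() {
    o1=${1%%.*}; rest=${1#*.}; o2=${rest%%.*}
    [ "$o1" = 44 ] && [ "$o2" -lt 192 ]
}

rule() { printf '%s\n' "$*"; }

gen_rules() {
    rule '*filter'
    rule ':INPUT DROP [0:0]'      # deny all in ...
    rule ':FORWARD DROP [0:0]'
    rule ':OUTPUT DROP [0:0]'     # ... and out, then open only the named links
    rule '-A INPUT -i lo -j ACCEPT'
    rule '-A OUTPUT -o lo -j ACCEPT'
    printf '%s\n' "$1" | while read -r call transport addr port; do
        [ -n "$call" ] || continue
        case "$transport" in
        axip)   # IP protocol 93, accepted only for a peer with a 44net address
            if in_44net "$addr"; then
                rule "-A INPUT -p 93 -s $addr -j ACCEPT"
                rule "-A OUTPUT -p 93 -d $addr -j ACCEPT"
            else
                rule "# REJECTED $call: axip peer $addr is not a 44net address"
            fi ;;
        axudp)  # AX.25 carried in UDP, for peers on other public addresses
            rule "-A INPUT -p udp -s $addr --dport $port -j ACCEPT"
            rule "-A OUTPUT -p udp -d $addr --dport $port -j ACCEPT" ;;
        *)  rule "# REJECTED $call: unknown transport $transport" ;;
        esac
    done
    rule 'COMMIT'
}

gen_rules "$PEERS"
```

The output can be checked with iptables-restore --test before loading. It covers only the AX.25 links, so any other service the host needs (remote administration included) requires its own explicit rules.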


