Attacks from poneytelecom.eu

On Tue, Jan 02, 2018 at 11:35:14PM -0800, Troy Mursch wrote:
> Back in September, I documented my poor experience with AS12876 here:


That AS has been originating brute-force attacks against ssh, pop, imap, etc.
for at least four years (and likely longer, but I didn't have older logs
handy).  It's also a persistent high-volume source of spam.  Its operators
are either thoroughly incompetent or fully complicit; there's no way to
tell from outside, and operationally it makes no difference.  So at minimum
I recommend blocking all connections from it to authenticated services
and refusing all SMTP traffic from rev.poneytelecom.eu and