X-Received: by 2002:ac8:867:: with SMTP id x36-v6mr11343047qth.29.1526186725875; Sat, 12 May 2018 21:45:25 -0700 (PDT)
X-Received: by 2002:a1f:2206:: with SMTP id i6-v6mr1119917vki.8.1526186725628; Sat, 12 May 2018 21:45:25 -0700 (PDT)
Path: csiph.com!weretis.net!feeder6.news.weretis.net!feeder.usenetexpress.com!feeder-in1.iad1.usenetexpress.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!x25-v6no4950198qto.0!news-out.google.com!p41-v6ni282qtp.1!nntp.google.com!x25-v6no4950188qto.0!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail
Newsgroups: comp.os.linux.security
Date: Sat, 12 May 2018 21:45:25 -0700 (PDT)
In-Reply-To: <MPG.32b009718d0a4892989687@news.albasani.net>
Complaints-To: groups-abuse@google.com
Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=213.110.130.21; posting-account=y_mr-QoAAAAfVV0LNm1w5J0LqZ6Tutca
NNTP-Posting-Host: 213.110.130.21
References: <MPG.32b009718d0a4892989687@news.albasani.net>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <63502483-baeb-4a04-9ef1-31f3d4c90334@googlegroups.com>
Subject: Re: Mirai IP Blocklist
From: mikhail.kasimov@gmail.com
Injection-Date: Sun, 13 May 2018 04:45:25 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 49
Xref: csiph.com comp.os.linux.security:728

=D0=B2=D1=82=D0=BE=D1=80=D0=BD=D0=B8=D0=BA, 6 =D0=B4=D0=B5=D0=BA=D0=B0=D0=
=B1=D1=80=D1=8F 2016 =D0=B3., 6:32:44 UTC+2 =D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=
=D0=BE=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8C Supratim Sanyal =D0=BD=D0=B0=D0=
=BF=D0=B8=D1=81=D0=B0=D0=BB:
> Hi,
>=20
> I am also maintaing a list of IP addresses from which I am seeing Mirai=
=20
> and family launching brute-force password breakin attempts:=20
> http://sanyalnet-cloud-vps.freeddns.org/mirai-ips.txt
>=20
> It could be useful as an additional list for your PFBlockerNG on pfSense=
=20
> or similar other list-based blocking implementation on your firewall.
>=20
> Thank you.
>=20
>=20
>=20
>=20
>=20
> --=20
> Supratim Sanyal
> DECnet VMSMAIL: QCOCAL::SANYAL (via HECnet)
> Internet email: http://mcaf.ee/sdlg9f
> QCOCAL - VAXserver 3900/OpenVMS 7.3 - telnet://sanyalnet-openvms-
> vax.freeddns.org
> QCOCAL WASD: http://sanyalnet-openvms-vax.freeddns.org:82/
> CLOUDY - VAX-11/780/OpenVMS 7.3 - SET HOST from QCOCAL
> JUICHI - PDP-11/24/RSX-11M-PLUS - SET HOST from QCOCAL
> SunOS 5.11/Solaris 11 OpenIndiana: ssh sanyal.duckdns.org
> SanyalCraft Minecraft Server: sanyal.duckdns.org:25565
> NTP servers: sanyalnet-ntp.freeddns.org,sanyalnet-cloud-
> vps.freeddns.org,sanyalnet-cloudvps2.freeddns.org
> Ad-Malware-Ransomware Blocking Recursive DNS Servers: sanyalnet-cloud-
> vps.freeddns.org,sanyalnet-cloudvps2.freeddns.org
> WBRi Radio Stream: banglaradio.homeip.net:8000
> Anonymous FTP (Solaris 11): sanyal.duckdns.org / HTTP wrapper for FTP:=20
> http://sanyal.duckdns.org:81

Hello!

Please, add to list missed (found on detux.org):

89.186.189.241
142.58.24.170
143.239.27.171
182.232.250.171

Thanks!