Author: Samuel Date: To: exim-users Subject: Re: [exim] Exim + grsecurity + ssl = dos
Hello,
Le 01/06/2016 à 16:41, Always Learning a écrit : > On Wed, 2016-06-01 at 15:05 +0200, Renaud Allard wrote:
>
>> Given the name of the host researchscanXXX, may I assume you have used a
>> server to test the crypto? So if it has indeed attempted some kind of
>> brute force, maybe grsec was right.
> Its an Internet pest from the USA's Michigan University.
>
> ~~~~~~
>
> In February 2014, they stated
>
> "These connections are part of an Internet-wide network survey being
> conducted by computer scientists at the University of Michigan. The
> survey involves making TCP connection attempts to large subsets of the
> public IP address space and analyzing the responses. We select addresses
> to contact in a random order, and each address receives only a very
> small number of connection attempts. We do not attempt to guess
> passwords or access data that is not publicly visible at the address.
> Some of our previous results can be found at
> http://conferences.sigcomm.org/imc/2013/papers/imc257-durumericAemb.pdf."
>
> "If these scans are causing problems, we would be happy to exclude your
> IP address from future research scans."
>
> ~~~~~~
>
> In February 2015 they stated
>
> "We understand if you'd like to drop scan related traffic. If you are
> going to do this, the correct subnets to blacklist are 141.212.121.0/24
> and 141.212.122.0/24"
>
> ~~~~~~
