[Operators] DoS attacker: "mafia_rullezz_*"

Nicolas Vérité nicolas.verite at gmail.com
Fri Dec 2 13:59:47 UTC 2011


Maybe some precision:
all the "mafia_rullezz_*" JIDs come from S2S (other servers and
domains), and they all target only one of our hosted users.

So, maybe you can all check your domains, that you have no such JIDs.


On Fri, Dec 2, 2011 at 13:27, Nigel Kukard <nkukard at lbsd.net> wrote:
>
> On 12/02/11 12:25, Nicolas Vérité wrote:
>>
>> Hi all,
>>
>> Just a quick email to let you know that we are facing DoS attack on
>> Hosted.IM, our XMPP service hosting platform.
>> The attacker has "mafia_rullezz_*" in its multiple JIDs. It just sends
>> messages. At least another XMPP server suffered from these kind of
>> entities.
>> Regards
>
>
> I get registration requests and blackholed all the IP's I saw registrations
> from.
>
> Not sure if you're the victim or host that he's using, but ... here is my
> blackhole list
>
> blackhole 91.103.156.182
> blackhole 81.177.160.8
> blackhole 62.109.3.92
> blackhole 85.115.234.116
> blackhole 41.107.137.39
> blackhole 81.176.229.236
> blackhole 81.177.33.141
> blackhole 41.201.239.3
> blackhole 89.112.10.50
> blackhole 87.98.168.93
> blackhole 195.110.32.60
> blackhole 87.251.157.0/24
>
> -N
>
>



-- 
Nicolas Vérité (Nÿco) mailto:nicolas.verite at gmail.com
Jabber ID : xmpp:nyco at jabber.fr


More information about the Operators mailing list