this post was submitted on 29 Oct 2024

To recap what’s (probably) going on:

  1. A malicious attacker has access to a network without BCP38 filtering.
  2. They send TCP connection requests to port 22 on many random internet machines - possibly deliberately selecting known honeypots or networks known to send automated abuse complaints.
  3. Those TCP connection requests use a spoofed source IP address, making the destination machines think the spoofed source sent that connection. They become the target of the automated abuse complaints.
  4. With a large enough volume, the spoofed IP quickly becomes widely blacklisted from many internet entities following blocklists, and the hosting provider might take action due to many abuse reports and shut down the server for being compromised / malicious.
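
A sensor-side check that follows from steps 2 and 3 above, as an added example that is not part of the original post: an off-path sender using a spoofed source never receives the SYN-ACK, so it cannot complete the TCP handshake, and only sources that did complete it are treated as reportable. The record format and function name are assumptions, and the addresses are constructed documentation-range values.

```python
# Constructed sensor records (not real traffic):
# (src_ip, src_port, direction, flags, seq, ack)
# direction "in"  = packet arriving at the sensor's port 22
# direction "out" = the sensor's own reply
SAMPLE = [
    ("198.51.100.7", 40001, "in",  "S",  1000, 0),
    ("198.51.100.7", 40001, "out", "SA", 5000, 1001),
    ("198.51.100.7", 40001, "in",  "A",  1001, 5001),  # handshake completed
    ("203.0.113.9",  51000, "in",  "S",  7000, 0),
    ("203.0.113.9",  51000, "out", "SA", 9000, 7001),
    ("203.0.113.9",  51000, "in",  "R",  7001, 0),     # real owner rejects the SYN-ACK
    ("203.0.113.9",  51001, "in",  "S",  7100, 0),
    ("203.0.113.9",  51001, "out", "SA", 9100, 7101),  # no reply at all
]


def classify_sources(records):
    """Return (reportable, unverified) sets of source IPs.

    reportable: the source completed a three-way handshake, so it really
                received the sensor's SYN-ACK and the address is not spoofed.
    unverified: only SYNs (or a RST) were seen; the source address may be
                forged and should not trigger an abuse complaint by itself.
    """
    synack_isn = {}    # (ip, port) -> sequence number the sensor sent in its SYN-ACK
    completed = set()
    seen = set()
    for ip, port, direction, flags, seq, ack in records:
        key = (ip, port)
        if direction == "in" and flags == "S":
            seen.add(ip)
        elif direction == "out" and flags == "SA":
            synack_isn[key] = seq
        elif direction == "in" and flags == "A" and key in synack_isn:
            # The final ACK must acknowledge the sensor's ISN + 1 (mod 2**32),
            # a value an off-path spoofer never gets to see.
            if ack == (synack_isn[key] + 1) & 0xFFFFFFFF:
                completed.add(ip)
    return completed, seen - completed


if __name__ == "__main__":
    reportable, unverified = classify_sources(SAMPLE)
    print("reportable:", sorted(reportable))
    print("unverified (possible spoofed source):", sorted(unverified))
```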