Should I Stop Caring and Let IP Address Reputation Sort Them Out? https://nxdomain.no/~peter/should_i_stop_caring_and_let_ip_reputation_sort_them_out.html

How long does data on misbehaving hosts on the Internet stay relevant in an IP Address Reputation context?

Link to poll within (on for a week, 4 days left, please *do* vote).

#security #passwordguessing #antispam #sshgropers #pop3gropers #blacklists #blocklists #bruteforcers #spam #cybercrime #ipreputation

(repost for the CET-ish crowd, some still in holiday mode, and with graphics of sorts added)

For the Monday morning (CET-ish) set:

I have just updated the article "The Hail Mary Cloud And The Lessons Learned" https://nxdomain.no/~peter/hailmary_lessons_learned.html aka field notes from the forever war against #passwordgropers on #ssh and elsewhere, with loads of more references to newer material and data #slowbrutes #hailmarycloud #bruteforcers #cybercrime

All links to my stuff has (at least) a nontracked option .

The topic of #ipv6 support came up at work (as it does sometimes) and a colleague asked, how popular is that protocol, really?

My best data source is the bruteforcers+webtrash data (twice hourly dump https://nxdomain.no/~peter/bruteforcers.txt, see https://nxdomain.no/~peter/badness_enumerated_by_robots.html for explanation, alternatively prettified and G-tracked https://bsdly.blogspot.com/2018/08/badness-enumerated-by-robots.html) and it looks like roughly seven percent of the source addresses for undesirable activity are IPv6, the rest old fashioned #IPv4. #passwordguessing #bruteforcers

I was wondering if there is already #GPU #accelerated #bruteforcers for hash-to-curve
https://datatracker.ietf.org/doc/rfc9380/ out there?
and going beyond just "simple" h2c, 2hashdh prf H(pwd, H2c(pwd)^k) seems to be popular, might as well also inquire about their support. #opaque is one case where this is being used.

does anyone know?

#hashcat #johntheripper /cc @epixoip