We have our first “extraterrestrial” hacking connection from Canada. They used the SPACEX-STARLINK device/connection on 26.07.2023 – it was a poor try.
Our first “extraterrestrial” hacking connection
However, we have some real hackers on our umbrella-list. The first new IP range is from Germany (VPN) and some are from Iran and China, among others.
- 103.216.58.0/24
- 185.156.73.0/24
- 194.32.122.0/24
- 103.187.191.0/24
- 146.88.241.0/24
- 43.131.52.0/24
The week was not so busy and the honeypots are not really stressed. I was able to set up a new honeypot on an IP that was used for German KRITIS Infrastructure. It is funny to see how they try desperately to hack something that is not there only to get into a blackhole.
I noticed an increase in fake geo-IPs trying to get around the geo-IP ban. The devices used for the attacks switched from hardware systems on single PCs / networks to professional VDI on servers and a lot of computing power.
In one case the attacker had a powerful server from HP with the old ESXi 6.7 😉 I think some of them need a good admin more than my non-existent data.
An admin can be a hacker, but not every hacker is a good admin
my thoughts
How to get on my list
It is very easy to get on my list, but once on it you stay there for a very long time, or forever when you are targeting KRITIS. For pro attackers targeting KRITIS there is no possibility to get off the list; others will be rechecked every YEAR. I check every IP range myself; when I see multiple attacks or big attacks from a range, it will be listed as 0/24.
Link to the list (TXT file) https://raubal-it.com/umbrella.txt
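The listing rule described above, sketched as an added example that is not the author's own tooling: it groups honeypot source IPs by /24, skips ranges already on the list, and reports which non-KRITIS entries are due for the yearly recheck. The one-CIDR-per-line file format, the `MIN_HITS` threshold, the function names and all sample data are assumptions constructed for illustration; candidates still go to manual review before listing.

```python
import ipaddress
from collections import Counter
from datetime import date, timedelta

MIN_HITS = 3                         # assumption: the post only says "multiple attacks"
RECHECK_AFTER = timedelta(days=365)  # from the post: non-KRITIS entries rechecked yearly

def parse_blocklist(text):
    """Parse a one-CIDR-per-line list (assumed format); skip blanks and '#' comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def candidate_ranges(source_ips, blocklist, min_hits=MIN_HITS):
    """Return unlisted IPv4 /24 ranges seen at least min_hits times, for manual review."""
    hits = Counter()
    for ip in source_ips:
        addr = ipaddress.ip_address(ip)
        if addr.version != 4 or any(addr in net for net in blocklist):
            continue  # IPv6 is out of scope here; listed ranges need no new entry
        hits[ipaddress.ip_network(f"{addr}/24", strict=False)] += 1
    return [str(net) for net in sorted(n for n, c in hits.items() if c >= min_hits)]

def recheck_due(entries, today):
    """entries: (cidr, listed_on, targets_kritis). KRITIS entries never come off."""
    return [cidr for cidr, listed_on, kritis in entries
            if not kritis and today - listed_on >= RECHECK_AFTER]

# Constructed sample data (RFC 5737 documentation ranges, not real attackers).
SAMPLE_LIST = "# constructed sample list\n203.0.113.0/24\n"
SAMPLE_HITS = ["198.51.100.4", "198.51.100.77", "198.51.100.200",
               "192.0.2.9", "203.0.113.5", "203.0.113.6", "203.0.113.7"]
SAMPLE_ENTRIES = [("192.0.2.0/24", date(2022, 7, 1), False),
                  ("198.51.100.0/24", date(2022, 7, 1), True),
                  ("203.0.113.0/24", date(2023, 6, 1), False)]

if __name__ == "__main__":
    listed = parse_blocklist(SAMPLE_LIST)
    print("review for listing:", candidate_ranges(SAMPLE_HITS, listed))
    print("due for recheck:", recheck_due(SAMPLE_ENTRIES, date(2023, 7, 26)))
```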
About the blocklist
I normally dedicate the list to my friends from Germany. The list addresses the purposes of German KRITIS Infrastructure (system critical infrastructure) services. The listed IP ranges are specially known for attacks on that infrastructure. But as some friends from the US and Asia told me, my list is very useful for them too, because of the simple fact that it blocks professional hacking attempts on critical systems.