kc7gr
New Contributor

ATTN: Comcast Security, repeated hack attempts

Comcast Security, It appears someone is attempting (thankfully, with no success) to compromise our mail server. It further appears these attempts are coming from a comcastbusiness.net IP address (one which, I'll wager, has been compromised by the Virus-of-the-Week, and is being abused to launch this 'attack'). Here is an excerpt from our firewall's log.

Mar 25 13:37:16 vm-willy postfix/smtpd[27064]: connect from 50-202-230-114-static.hfc.comcastbusiness.net[50.202.230.114]
Mar 25 13:37:21 vm-willy postfix/smtpd[27064]: warning: 50-202-230-114-static.hfc.comcastbusiness.net[50.202.230.114]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 25 13:37:21 vm-willy postfix/smtpd[27064]: disconnect from 50-202-230-114-static.hfc.comcastbusiness.net[50.202.230.114]
Mar 25 13:39:09 vm-willy postfix/smtpd[27070]: initializing the server-side TLS engine
Mar 25 13:39:09 vm-willy postfix/smtpd[27070]: connect from 50-202-230-114-static.hfc.comcastbusiness.net[50.202.230.114]
Mar 25 13:39:13 vm-willy postfix/smtpd[27070]: warning: 50-202-230-114-static.hfc.comcastbusiness.net[50.202.230.114]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 25 13:39:13 vm-willy postfix/smtpd[27070]: disconnect from 50-202-230-114-static.hfc.comcastbusiness.net[50.202.230.114]
Mar 25 13:40:49 vm-willy postfix/anvil[26216]: statistics: max cache size 2 at Mar 25 13:36:06
Mar 25 13:40:59 vm-willy postfix/smtpd[27084]: initializing the server-side TLS engine
Mar 25 13:40:59 vm-willy postfix/smtpd[27084]: connect from 50-202-230-114-static.hfc.comcastbusiness.net[50.202.230.114]
Mar 25 13:41:03 vm-willy postfix/smtpd[27084]: warning: 50-202-230-114-static.hfc.comcastbusiness.net[50.202.230.114]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 25 13:41:03 vm-willy postfix/smtpd[27084]: disconnect from 50-202-230-114-static.hfc.comcastbusiness.net[50.202.230.114]
Mar 25 13:42:49 vm-willy postfix/smtpd[27087]: initializing the server-side TLS engine
Mar 25 13:42:49 vm-willy postfix/smtpd[27087]: connect from 50-202-230-114-static.hfc.comcastbusiness.net[50.202.230.114]
Mar 25 13:42:54 vm-willy postfix/smtpd[27087]: warning: 50-202-230-114-static.hfc.comcastbusiness.net[50.202.230.114]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

These attempts have been going on since at least 1217 PDT today (March 25th). They continued up until I configured our firewall to block the source IP address.

So -- Why am I reporting this here, instead of calling it in to Comcast "Support?"

Because the level of faith I have in said "support" to even understand what I'm talking about, let alone take corrective measures, lies somewhere in the negative numbers.

I do wish the City of Kent would hurry up and create their municipal fiber network...

Thank you.

0 Kudos
Reply
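An added example, not part of the original post and not Postfix or Comcast tooling: a small Python detector that counts SASL authentication-failure warnings per source address inside a sliding time window, which is the pattern the log excerpt above shows. The sample log, the documentation IP addresses, the threshold, the window and the year default are constructed assumptions. It also decodes the trailing token: UGFzc3dvcmQ6 is base64 for the server's "Password:" prompt, not anything the client submitted.

```python
import base64
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same shape as the Postfix lines quoted in the post.
# 192.0.2.10 and 198.51.100.7 are documentation addresses, not real sources.
SAMPLE_LOG = """\
Mar 25 13:37:16 mx postfix/smtpd[101]: connect from unknown[192.0.2.10]
Mar 25 13:37:21 mx postfix/smtpd[101]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 25 13:39:13 mx postfix/smtpd[102]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 25 13:41:03 mx postfix/smtpd[103]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 25 13:50:00 mx postfix/smtpd[104]: warning: unknown[198.51.100.7]: SASL PLAIN authentication failed:
Mar 25 14:30:00 mx postfix/smtpd[105]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/(?:\w+/)?smtpd\[\d+\]: warning: "
    r"\S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL (?P<mech>\S+) authentication failed:\s*(?P<tail>\S*)"
)

def decode_tail(token):
    """Decode the base64 token after 'failed:'; it is the server's challenge, not a credential."""
    try:
        return base64.b64decode(token, validate=True).decode("ascii")
    except ValueError:  # covers invalid base64 and non-ASCII bytes
        return ""

def find_offenders(log_text, threshold=3, window=timedelta(minutes=10), year=2000):
    """Return {ip: max failures seen in any window} for sources reaching the threshold."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            # Syslog timestamps carry no year, so one is supplied (assumption).
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append(ts)
    offenders = {}
    for ip, stamps in events.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window's left edge forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            offenders[ip] = best
    return offenders
```

On the constructed sample, only 192.0.2.10 is reported, with three failures inside ten minutes; the result is a candidate list for a firewall block or an abuse report.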
2 REPLIES
Trusted Forum Contributor

Re: ATTN: Comcast Security, repeated hack attempts

You can also try emailing abuse@comcast.net. That is the official ARIN POC for abuse at that address.

https://whois.arin.net/rest/net/NET-50-128-0-0-1/pft?s=50.202.230.114

0 Kudos
Reply
kc7gr
New Contributor

Re: ATTN: Comcast Security, repeated hack attempts

I appreciate the thought but, again, it's a question of confidence that something would be done (or lack thereof).

In any case, it's academic. The problem went away a day or so after I posted. I can only assume the source was dropped from the 'net or the user of said source virus-cleaned it.

Thanks.

0 Kudos
Reply