[conduit] blacklist


Because the recent hacking attempt was more aggressive than usual, I have automated some old routines to automatically update the blacklist of offending IPs submitted to my firewalls... I am making this list available for anyone who may wish to use it.

It is currently linked from the top of my personal site:
http://modelweather.com/

If you would like to view an automatically generated table of known offenders including geographic information such as country, city, state, ip address, lat/lon etc... you may view it here (also linked from the main site) ... but beware, it is now a large table and may take awhile to load... by the end of Christmas vacation it will be autogenerated daily :)
http://modelweather.com/files/patrick/apf/

If you just wish to download the Glob.Deny.Rules IP list of known offenders you may wget it here... by the end of Christmas vacation it will be autogenerated daily:
http://modelweather.com/files/patrick/apf/glob.deny.rules

If you would like to wget view a CSV list of known offenders, with the geographic information above, you may wget it here ... by the end of Christmas vacation it will be autogenerated daily:
http://modelweather.com/files/patrick/apf/list.txt


Merry Christmas :)

cheers,

--patrick

ââââââââââââââââââââââ...........

Patrick L. Francis

Vice President of Research & Development

Aeris Weather



http://aerisweather.com/

http://modelweather.com/





wxprofessor@xxxxxxxxx

http://facebook.com/wxprofessor/




ââââââââââââââââââââââ



..






------ Original Message ------
From: "Patrick L. Francis" <wxprofessor@xxxxxxxxx>
To: "Carissa Klemmer - NOAA Federal" <carissa.l.klemmer@xxxxxxxx>; "Carissa Klemmer, NCEP Support" <ncep.pmb.dataflow@xxxxxxxx>; "nws.noaaport.support@xxxxxxxx" <NWS.NOAAPORT.SUPPORT@xxxxxxxx>; "NOAAPORT" <noaaport@xxxxxxxxxxxxxxxx>; "LDM" <ldm-users@xxxxxxxxxxxxxxxx>; "CONDUIT" <conduit@xxxxxxxxxxxxxxxx>
Sent: 12/15/2016 10:34:21 AM
Subject: Re: NAM Kerfluffle


-- correction --

I was wrong.. there was nothing wrong with NAM last night... We had an extremely high volume attempt to breach our systems... for example, the box on which the problems occurred, in the last hour we had:


root@5mod:/var/log# grep -c ail auth.log
122358

or 122K attempts to hack the box... what happened overnight is logs filled up the system not allowing nam to write to disk...

The source appears to be somewhere in China... they could have chosen me because that rack of servers sits directly on a 10GB Hurricane Electric backbone, or it could have just been a random event... In case they were targeting weather related systems, everyone may wish to look deeply into their logs to see if anyone dropped an egg on your system.

Sorry to bother!

cheers,

--patrick

ââââââââââââââââââââââ...........

Patrick L. Francis

Vice President of Research & Development

Aeris Weather



http://aerisweather.com/

http://modelweather.com/





wxprofessor@xxxxxxxxx

http://facebook.com/wxprofessor/




ââââââââââââââââââââââ



..






------ Original Message ------
From: "Patrick L. Francis" <wxprofessor@xxxxxxxxx>
To: "Carissa Klemmer - NOAA Federal" <carissa.l.klemmer@xxxxxxxx>; "Carissa Klemmer, NCEP Support" <ncep.pmb.dataflow@xxxxxxxx>; "nws.noaaport.support@xxxxxxxx" <NWS.NOAAPORT.SUPPORT@xxxxxxxx>; "NOAAPORT" <noaaport@xxxxxxxxxxxxxxxx>; "LDM" <ldm-users@xxxxxxxxxxxxxxxx>; "CONDUIT" <conduit@xxxxxxxxxxxxxxxx>
Sent: 12/15/2016 10:15:16 AM
Subject: NAM Kerfluffle


Rather serious errors transpired with NOAAPort NAM over the evening, and continues into this morning... this graphic contains 2 columns of nam directory listings... note that bot 12z and 06z runs contain errors.. what is interesting is that some hours report as 0 bytes (yet they still report), however other hours contain... well, several hour's worth of runs?

http://modelweather.com/files/noaaport/2016.12.15.noaaport.nam.png

this box has redundant independent direct noaaport feeds (2 dishes, 2 novras, both feeding etc..)

worried! .... :)

--patrick

ââââââââââââââââââââââ...........

Patrick L. Francis

Vice President of Research & Development

Aeris Weather



http://aerisweather.com/

http://modelweather.com/





wxprofessor@xxxxxxxxx

http://facebook.com/wxprofessor/




ââââââââââââââââââââââ



..