Because the recent hacking attempt was more aggressive than usual, I
have automated some old routines to automatically update the blacklist
of offending IPs submitted to my firewalls... I am making this list
available for anyone who may wish to use it.
It is currently linked from the top of my personal site:
http://modelweather.com/
If you would like to view an automatically generated table of known
offenders including geographic information such as country, city, state,
ip address, lat/lon etc... you may view it here (also linked from the
main site) ... but beware, it is now a large table and may take a while
to load... by the end of Christmas vacation it will be autogenerated
daily :)
http://modelweather.com/files/patrick/apf/
If you just wish to download the Glob.Deny.Rules IP list of known
offenders you may wget it here... by the end of Christmas vacation it
will be autogenerated daily:
http://modelweather.com/files/patrick/apf/glob.deny.rules
If you would like to view a CSV list of known offenders, with the
geographic information above, you may wget it here ... by the end of
Christmas vacation it will be autogenerated daily:
http://modelweather.com/files/patrick/apf/list.txt
Merry Christmas :)
cheers,
--patrick
…………………………………………………………...........
Patrick L. Francis
Vice President of Research & Development
Aeris Weather
http://aerisweather.com/
http://modelweather.com/
wxprofessor@xxxxxxxxx
http://facebook.com/wxprofessor/
…………………………………………………………
..
------ Original Message ------
From: "Patrick L. Francis" <wxprofessor@xxxxxxxxx>
To: "Carissa Klemmer - NOAA Federal" <carissa.l.klemmer@xxxxxxxx>;
"Carissa Klemmer, NCEP Support" <ncep.pmb.dataflow@xxxxxxxx>;
"nws.noaaport.support@xxxxxxxx" <NWS.NOAAPORT.SUPPORT@xxxxxxxx>;
"NOAAPORT" <noaaport@xxxxxxxxxxxxxxxx>; "LDM"
<ldm-users@xxxxxxxxxxxxxxxx>; "CONDUIT" <conduit@xxxxxxxxxxxxxxxx>
Sent: 12/15/2016 10:34:21 AM
Subject: Re: NAM Kerfluffle
-- correction --
I was wrong.. there was nothing wrong with NAM last night... We had an
extremely high volume attempt to breach our systems... for example, the
box on which the problems occurred, in the last hour we had:
root@5mod:/var/log# grep -c ail auth.log
122358
or 122K attempts to hack the box... what happened overnight is logs
filled up the system not allowing nam to write to disk...
The source appears to be somewhere in China... they could have chosen
me because that rack of servers sits directly on a 10GB Hurricane
Electric backbone, or it could have just been a random event... In case
they were targeting weather related systems, everyone may wish to look
deeply into their logs to see if anyone dropped an egg on your system.
Sorry to bother!
cheers,
--patrick
..
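Added example, not part of the original messages or the author's own scripts: a sketch of how a per-source count of failed logins in auth.log could feed a deny list like the one described above. The sample log lines, function names, threshold and one-address-per-line output are assumptions; it also shows that a substring count such as `grep -c ail` includes lines that are not failures.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the common OpenSSH/PAM auth.log layout (not from the page).
SAMPLE_LOG = """\
Dec 15 09:01:02 wxbox sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Dec 15 09:01:03 wxbox sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2
Dec 15 09:01:04 wxbox sshd[2102]: Invalid user oracle from 203.0.113.7 port 40024
Dec 15 09:01:05 wxbox sshd[2103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.9  user=root
Dec 15 09:01:06 wxbox sshd[2104]: Accepted publickey for mailadmin from 192.0.2.10 port 51000 ssh2
Dec 15 09:01:07 wxbox sshd[2105]: Failed password for root from 192.0.2.10 port 51001 ssh2
Dec 15 09:01:08 wxbox sshd[2106]: Failed password for root from 999.1.1.1 port 1 ssh2
"""

# Lines that record a failed login and name the remote address.
FAILURE_PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?\S+ from (\S+) port \d+"),
    re.compile(r"sshd\[\d+\]: Invalid user \S+ from (\S+)"),
    re.compile(r"authentication failure;.*\brhost=(\S+)"),
]

def naive_ail_count(log_text):
    """Count lines the way `grep -c ail` does: any line containing 'ail'."""
    return sum("ail" in line for line in log_text.splitlines())

def failed_sources(log_text):
    """Count failed-login lines per validated source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        hits = [m for m in (p.search(line) for p in FAILURE_PATTERNS) if m]
        if not hits:
            continue
        try:
            counts[str(ipaddress.ip_address(hits[0].group(1)))] += 1
        except ValueError:
            pass  # the field can be a hostname or junk; never turn it into a rule
    return counts

def deny_list(counts, threshold, allow=()):
    """Addresses with at least `threshold` failure lines, minus allow-listed networks."""
    nets = [ipaddress.ip_network(n) for n in allow]
    hits = [ipaddress.ip_address(ip) for ip, n in counts.items() if n >= threshold]
    keep = [a for a in hits if not any(a in net for net in nets)]
    return [str(a) for a in sorted(keep, key=lambda a: (a.version, int(a)))]

if __name__ == "__main__":
    counts = failed_sources(SAMPLE_LOG)
    print(naive_ail_count(SAMPLE_LOG), sum(counts.values()))
    print("\n".join(deny_list(counts, threshold=3, allow=["192.0.2.0/24"])))
```

The allow list keeps an administrator's own network out of the deny file even when it produces a few failed logins.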
------ Original Message ------
From: "Patrick L. Francis" <wxprofessor@xxxxxxxxx>
To: "Carissa Klemmer - NOAA Federal" <carissa.l.klemmer@xxxxxxxx>;
"Carissa Klemmer, NCEP Support" <ncep.pmb.dataflow@xxxxxxxx>;
"nws.noaaport.support@xxxxxxxx" <NWS.NOAAPORT.SUPPORT@xxxxxxxx>;
"NOAAPORT" <noaaport@xxxxxxxxxxxxxxxx>; "LDM"
<ldm-users@xxxxxxxxxxxxxxxx>; "CONDUIT" <conduit@xxxxxxxxxxxxxxxx>
Sent: 12/15/2016 10:15:16 AM
Subject: NAM Kerfluffle
Rather serious errors transpired with NOAAPort NAM over the evening,
and continue into this morning... this graphic contains 2 columns of
nam directory listings... note that both 12z and 06z runs contain
errors.. what is interesting is that some hours report as 0 bytes (yet
they still report), however other hours contain... well, several
hours' worth of runs?
http://modelweather.com/files/noaaport/2016.12.15.noaaport.nam.png
this box has redundant independent direct noaaport feeds (2 dishes, 2
novras, both feeding etc..)
worried! .... :)
--patrick