dmarc stats – or hi to 754th Electronic Systems Group of the us air force.

scumbag spammer Robert Soloway

scumbag spammer Robert Soloway

Dmarc (my blog) is something really really boring – in fact most microsoft admins have never heard of it along with spf but that is the sad state of microsoft who i love to poke fun at given an opportunity (my blog) to do so.

Anyhow i was getting bored of collecting some other information and so decided to document dmarc attempts.

I can do this as non microsoft people have things that send this info remotely so this is not something i was looking for but an event that a mail provider saw.

A month in and i have 37 offenders and 86% of them originated from China

Here is two months, note the suspicious quantities of certain subnets.

sort -n dkim.bl| uniq -c

      1 58.100.0.105 58.100.0.0 - 58.101.255.255 WASUHZ CN ipas@cnnic.cn
      1 58.100.0.110
      1 58.100.0.166
      1 58.100.0.207
      1 58.100.0.236
      1 58.100.0.26
      1 58.100.0.32
      1 58.100.0.46
      1 58.100.0.73
      1 58.100.1.145
      1 58.100.1.155
      1 58.100.1.211
      1 58.100.182.224
      1 58.100.201.100
      1 58.100.201.104
      2 58.100.201.105
      1 58.100.201.131
      1 58.100.201.138
      1 58.100.201.140
      1 58.100.201.152
      1 58.100.201.155
      1 58.100.201.207
      1 58.100.201.236
      1 58.100.201.244
      1 58.100.201.246
      1 58.100.201.81
      1 58.100.201.88
      1 58.100.2.100
      1 58.100.2.118
      1 58.100.2.128
      1 58.100.2.170
      1 58.100.2.187
      1 58.100.2.19
      1 58.100.2.192
      1 58.100.2.197
      1 58.100.2.201
      1 58.100.2.240
      1 58.100.2.31
      1 58.100.2.34
      1 58.100.24.4
      1 58.100.2.97
      1 58.100.3.107
      2 58.100.3.13
      1 58.100.3.140
      1 58.100.3.16
      1 58.100.3.175
      1 58.100.3.179
      1 58.100.3.184
      1 58.100.3.194
      1 58.100.3.242
      2 58.100.3.27
      1 58.100.3.4
      1 58.100.3.90
      1 58.100.4.177
      1 58.100.4.237
      1 58.100.4.248
      1 58.100.5.105
      1 58.100.5.146
      1 58.100.5.15
      1 58.100.5.180
      1 58.100.5.94
      1 58.100.6.106
      1 58.100.6.110
      1 58.100.6.216
      1 58.100.6.219
      1 58.100.6.39
      1 58.100.7.107
      1 58.100.7.113
      1 58.100.7.135
      1 58.100.7.149
      1 58.100.7.18
      1 58.100.7.228
      1 58.100.7.56
      1 58.100.7.84
      1 58.101.149.139
      1 58.101.149.143
      1 58.101.149.158
      2 58.101.149.177
      1 58.101.149.180
      1 58.101.149.221
      1 58.101.149.222
      1 58.101.149.223
      1 58.101.149.228
      3 58.101.149.234
(91)  1 58.101.208.115
      1 101.71.192.51 101.64.0.0 - 101.71.255.255 UNICOM-ZJ CN zhouxm@chinaunicom.cn
      1 101.71.193.235
      1 101.71.194.100
      1 101.71.194.198
      1 101.71.196.49
      1 101.71.196.70
      1 101.71.196.8
      1 101.71.197.4
      1 101.71.197.60
      1 101.71.217.144
(11)  1 101.71.217.192
 (1)  1 114.148.3.208 114.148.0.0 - 114.148.127.255 OCN JP
      1 123.158.33.124 123.152.0.0 - 123.159.255.255 UNICOM-ZJ CN abuse@cnc-noc.net
 (2)  1 123.158.33.197
      1 124.90.194.31 124.90.0.0 - 124.91.255.255 UNICOM-ZJ CN abuse@cnc-noc.net
      1 124.90.199.159
      1 124.90.199.235
      1 124.90.69.93
      1 124.90.70.79
 (6)  1 124.90.71.85
      1 128.238.7.189 128.238.0.0 - 128.238.255.255 POLY-U-NET US noc-na23-poly-arin@nyu.edu
      1 131.44.184.194 131.44.0.0 - 131.44.255.255 RANDOLPH1-NET US disa.columbus.ns.mbx.arin-registrations@mail.mil
      1 140.28.152.236 140.28.0.0 - 140.28.255.255 DNIC-RNET-140-028 US disa.columbus.ns.mbx.arin-registrations@mail.mil
      1 218.109.107.134 218.109.107.0 - 218.109.107.255 WASU-BB CN abuse@hzdtv.com
      1 218.109.220.125
      1 218.109.221.247
      1 218.109.243.207
 (5)  1 218.109.253.141
      1 219.82.112.65 219.82.112.0 - 219.82.112.255 WASU-BB CN abuse@hzdtv.com
      1 219.82.160.124 219.82.160.0 - 219.82.160.255 WASU-BB CN abuse@hzdtv.com
      1 219.82.164.18 219.82.164.0 - 219.82.164.255 WASU-BB CN abuse@hzdtv.com 
      1 219.82.166.132 219.82.166.0 - 219.82.166.255 WASU-BB CN abuse@hzdtv.com
      1 219.82.184.136 219.82.184.0 - 219.82.184.255 WASU-BB CN abuse@hzdtv.com
      1 219.82.187.68 219.82.187.0 - 219.82.187.255 WASU-BB CN abuse@hzdtv.com
      1 219.82.35.1 219.82.35.0 - 219.82.35.255 WASU-BB CN abuse@hzdtv.com
      1 219.82.50.249 219.82.50.0 - 219.82.50.255 WASU-BB CN abuse@hzdtv.com
      1 219.82.51.206 219.82.51.0 - 219.82.51.255 WASU-BB CN abuse@hzdtv.com
      1 219.82.51.75
 (3)  1 219.82.57.167
      1 228.143.204.76 dmarc report error

secretOf interest is the false ip i copied and pasted from the dmarc reports so the error is not mine that is what some isp sent.   Most of these are Chinese, but the 754th Electronic Systems Group in the US airforce deserve an honourable mention although there a bit shit at what they do as there’s a reddit topic on them and when us apes notice them you have a problem.

I wonder what they where trying to do ?

The text should be parseable with ” ” into a spreadsheet.

systemd breaks a laptops suspend as a ‘new’ feature.

Potterang to rename the command cat to dog

Lennart Poettering to rename the command cat to dog

I run debian testing so i see all the fuck ups by Lennart Poettering* who probably one day will change the cat command to dog**, that’s Lennart Poettering for you.

I notice with testing systemd has wiped off suspend and resume hardware features so when i go to a screensaver all my consoles and firefox windows close.

reminds me of

reminds me of

So i have to fire up new terminals and do all this shit again – see what i mean.  Perhaps i was using the wrong browser since Lennart Poettering did not write it and the same can be said for the terminal.

Anyhow Lennart Poettering knows best.

I know its testing not stable but i look forward to running Lennart Poettering’s web browser when he writes one which i guess is one of the joys of such brilliant software.

*pulseaudio is another thing from him ** bark is also choice.

When 48% is not a majority of mainstream ‘thinking’

Trump may have a rodent on his head, but he might fix campaign finance

Trump may have a rodent on his head, but he might fix campaign finance

Politics bores me and the debates are disingenuous (my blog), statistics do not. So when 48% vote against major parties ‘advice’ do they really speak as the only voices the msm (my blog) use.

Trump and Corbin are signs of the issue on right and left, but the unwillingness of people to even follow ‘one of there’s’ even when seen as not one of the politically faithful is worth thinking about.

I vote green so i am usually ignored so but do let me remind you by pointing out that 51% dont agree with the establishment two party system.

So is it representative ? – i leave you with that question.

ice cream in cold climates

the northern beach

the northern beach

ice cream is not something we zoo apes do not have a lot off, despite the monkey house having a machine.

Buying cream is downright near impossible it is sold but its not on the list with bananas.

If we do have some nice weeks then we have no ice cream, but when it gets (rainy the usual summer) then cream is bought.  I do recommend home made ice cream although a rare treat..

Adobe flash gets bizarre

retardI cannot play drm’ed flash videos in linux due to no libhal support which has been superseeded, and html5 sort of does a good job if you ignore the drm issues. I downloaded a chrome os image and see if it can play drm flash and no it can’t too since it uses the same thing.

If copyright holders only like mac and windows then i can easily quit watching drm videos which seem to be barely supported even by microsoft and as apple who also hate flash so i am not shelling out £80 for a licence that will be wga invalid (my blog) , so i suppose android users cant use flash with drm.

It will be interesting to see when wipo and the copyright mafia start breaking ‘smart’ tv’s (my blog), after all its going to happen and i doubt the makers of said items will support you and wipo will laugh at you.

If i was a television person* i would be worrying about the loss of page views from other clients like us after all the world is more than apple and microsoft even if you have never heard of mobile phones but i am glad its not my problem. Flash is like that embarrassing uncle you have who is a tolerated acquaintance.

Its a horrid mess for somebody else to figure out, no netflix subscription either.

It does not really matter to me and i am fine with our operating systems choices.

Phew and a hello to uncle Erasmus is in order. *no.

EU referendums [sigh]

hokey

hokey cokey

The eu is a thing not without it’s issues say Greece (my blog), and its use as a dump for failed politicians say the Kinnocks* certainly makes it toxic but a usefull place to dump political failures.

But there are levels in europe and despite the odd scrounger an in out thing hardly makes much sense here is why.

open borders ? – not applicable, nato membership not up for debate, enforced euro (€) conversion not applicable, you get the idea.

Britain might be honest than say the irish, (my blog)  who pay like ‘catholics to rome’ to the eu like the greeks and the irish with there odd views on tax and the shit they get away with but since most of you never had any input into the eu or be ignored by the red or blue national politicians who you voted for (a select few of you)  i see little point in this debate now.  National parties want power, so voting for a national party in europe is pointless.

Earlier on in the year a politician urged all to vote, and then discovered that the most of the uk will be decamping to a pop concert on the day of the vote.

You will find us in the zoo not at Glastonbury (my blog) because the media are downright pissed off because they can’t make the decision for us.  Vile scum these commentators, however the monkey house has lost its poll cards.

There will be a cost in reputation for the media, and the dead member of parliament was perhaps not the audience participation they wanted but they got fear and death returned to them.  I thought politics was peaceful.

Darl McBride, puppet of microsoft and crook

Darl McBride, puppet of microsoft and crook

Whatever happens i am sure neither ‘side’ will get what they promised and it did not really mean what you thought they said.

*think Wales, and nepotism.

“Glastonbury”

guess who this person is

you might get this dullard

Is a festival that is a bit too famous. The monkey house has never been as the tickets sell out in about three seconds on a sunday morning which most of the bbc* end up at too being a jolly on the license payers expense.

Nobody knows who is doing what before so its not an event for the person with specific tastes say like me.

Mind you it is not like it needs my help and the average visitor does not give a stuff about it so i assume people go for social reasons rather than the ‘music’.

At least that’s my thinking.

*i assume they already voted in the referendum tomorrow.