Hello, welcome to the Wednesday, October 20th, 2021 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and the time recording from Riyadh, Saudi Arabia.

Well, you probably have heard of the great Chinese firewall and its ability to block certain keywords for users within China.

Occasionally here suggestions that it's possible to simply block mail connections with that,

a lot of spam and also just simple scanning by returning some of these keywords to anybody connecting to your mail server.

So this last couple of weeks, I ran a little experiment where I first basically left my

mail server alone, then later set up a mail server banner that included some of these

keywords to see whether or not this will

reduce the number of connections from China. Didn't look like it really made a difference. It

went from 11% to 9% of the IP addresses connecting to the mail server. We're from China. This is

really sort of within the error of the measurement.

So I really think that experiment has been somewhat inconclusive or if at all proving that

these simple keywords probably don't make enough of a difference.

We'll leave it running for a while and see if maybe over time there is a

change, but looks like at least just simply returning them as a banner doesn't make a difference

and, well, also probably should try a couple different keywords because there is no real sort of

official list of blocked keywords.

And the FBI released a public service announcement regarding a number of websites that are impersonating government assistance websites in an attempt to steal users' personal data.

Essentially, fishing these websites are using some look-alike domain names, usually

at least the list that the FBI published. They use the dot XYC top-level domain, and well,

then they are asking users for personal information under the pretense of signing up for some form

of unemployment or other assistance. Given that October is the Cybersecurity Awareness Month,

...