From: "Massimo S." Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPS id 7162070 for ecs-isp@2rosenthals.com; Mon, 15 May 2023 14:39:03 -0400 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:45632 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1pyd64-0006eH-0a for ecs-isp@2rosenthals.com; Mon, 15 May 2023 14:39:00 -0400 Received: from mail2.quasarbbs.net ([80.86.52.115]:10087) by mail2.2rosenthals.com with esmtp (Exim 4.96) (envelope-from ) id 1pyd61-0003jH-1M for ecs-isp@2rosenthals.com; Mon, 15 May 2023 14:38:57 -0400 X-SASI-Hits: BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_SIZE_1000_LESS 0.000000, BODY_SIZE_2000_LESS 0.000000, BODY_SIZE_400_499 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, MSGID_SAMEAS_FROM_HEX_844412 0.100000, NO_CTA_URI_FOUND 0.000000, NO_URI_HTTPS 0.000000, RCVD_EXIM_IP_PORT 1.000000, REPLYTO_SAMEAS_FROM 0.000000, SENDER_NO_AUTH 0.000000, __ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REPLYTO 0.000000, __HEADER_ORDER_FROM 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000, __NO_HTML_TAG_RAW 0.000000, __PHISH_SPEAR_SUBJ_ALERT 0.000000, __RCVD_EXIM_IP_PORT 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000, __SHIPPING_ACTION 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_SHORT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_NO_MAILTO 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000, __USER_AGENT 0.000000 X-SASI-Probability: 13% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.1, AntispamData: 2023.5.15.175716 X-SASI-Hits: BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_SIZE_1000_LESS 0.000000, BODY_SIZE_2000_LESS 0.000000, BODY_SIZE_400_499 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, MSGID_SAMEAS_FROM_HEX_844412 0.100000, NO_CTA_URI_FOUND 0.000000, NO_URI_HTTPS 0.000000, REPLYTO_SAMEAS_FROM 0.000000, __ANY_URI 0.000000, __AUTH_RES_PASS 0.000000, __BODY_NO_MAILTO 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REPLYTO 0.000000, __HEADER_ORDER_FROM 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000, __NO_HTML_TAG_RAW 0.000000, __PHISH_SPEAR_SUBJ_ALERT 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000, __SHIPPING_ACTION 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_SHORT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_NO_MAILTO 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000, __USER_AGENT 0.000000 X-SASI-Probability: 8% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.1, AntispamData: 2023.5.15.175716 Received: from [192.168.10.199] (dtp [192.168.10.199]) by srv2 (Weasel v2.79) for ; 15 May 2023 20:39:07 To: eCS ISP Mailing List Reply-To: ml@ecomstation.it Subject: IFW UI problem Organization: eComStation dot it Message-ID: <57cb73d9-80ab-7e38-9d2b-93ad5fd657b0@ecomstation.it> Date: Mon, 15 May 2023 20:38:52 +0200 User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424 Thunderbird/1.0.8 Mnenhy/0.7.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15; format=flowed Content-Language: it-IT Content-Transfer-Encoding: 7bit Hi all, Injoy FW client/GUI don't show the entire mnemonic address of the attacker, but something like: 4.77..everse.com:17.. etc... in this moment i'm receinving a DDOS on DNS that make weasel sometimes to exit understanding an anddress that show like 24.77..everse.com is nearly a pain in the .. from the connect.log i'm not finding this "24.77" or similar any help? or is there a setting of injoy UI to show the complete source address? thanks massimo