btw, if you want to do this yourself, you might consider using something like https://github.com/opsdisk/scantron
On Jun 19, 2022, at 11:17 AM, Mark Seiden <mis@seiden.com> wrote:
greetings.
it should be mentioned that shadowserver also notifies those who register as the owners of that address space. it’s very useful. (it would be more useful if they calculated diffs and notified about changes/additions.)
my thinking about this sort of thing, in general, is:
- it depends on who’s doing it and why, and what they do with the information (so what keeps you from doing it for the benefit of your less clueful downstream customers?)
- absolutely nothing prevents bad guys from doing it, so discouraging it fits in the category of “politeness rules only observed by nice people”.
- it’s polite enough for me for the good guys to identify themselves so you (the target) can worry less when you notice the activity.
(btw, this reasoning applies also about crawls of content from the wayback machine.)
On Jun 19, 2022, at 10:45 AM, Forrest Christian (List Account) <lists@packetflux.com <mailto:lists@packetflux.com>> wrote:
Correction... shadowserver.org <http://shadowserver.org/>
They scan the entire ipv4 internet daily for select potential vulnerabilities.
On Sun, Jun 19, 2022, 11:43 AM Forrest Christian (List Account) <lists@packetflux.com <mailto:lists@packetflux.com>> wrote: See shadowserver.net <http://shadowserver.net/> On Sun, Jun 19, 2022, 4:13 AM Ronald F. Guilmette <rfg@tristatelogic.com <mailto:rfg@tristatelogic.com>> wrote: I would like to solicit the opinions of network operators on the practice of scanning all of, or large chunks of the internet for known vulnerabilities.
In earlier times, this was generally viewed as being distinctly anti-social behavior, but perhaps attitudes have changed relative to earlier eras. I would thus like to know how people feel about it now, in 2022.
Regards, rfg
P.S. Just to be clear, I personally have neither any desire nor any intent to undertake such activity myself, nor am I in communiacation with any party or parties that have such an intent or desire. I cannot however say that I am unaware of any parties that may currently be involved in such activities.