On Mon, Jun 28, 2021 at 9:22 AM Tom Beecher <beecher@beecher.cc> wrote:
Shadowserver is constantly doing all kinds of port scanning and penetration attempts globally, have been for many years.
They conduct probes and queries that are basically routine communications against IP Address Port pairs that have been routed on the public internet. There is nothing I have seen / No evidence of shadowserver specifcally ever conducting a penetration attempt or other actual abuse, such as attempting to gain access to computers or data beyond reports on publicly-accessible services would be, but please do show more details if that could be the case now.. There are many parties who do scans and send basic queries for reasons that have nothing to do with penetrating or attempting to penetrate anything -- those are just queries. For example DNS query to port 53, in order to detect hosts that have a level of service open to the public like Open Resolvers, which service does not meet current standard, or is a subset of hosts presenting a high risk to other networks, so that info. can be communicated to ISPs and upstream providers to mitigate.
On a residential connection as you describe, have something in place that drops anything from them, and move on with your day.
-- -Jim