On Fri, Jun 21, 2019 at 05:13:35PM -0700, Ronald F. Guilmette wrote:
Is there anybody on this list who keeps firewall logs and who DOESN'T have numerous hits recorded therein from one or more of the following IP addresses?
Well, I *did*, but having noticed their activities and grown tired of them, I now just drop their traffic on the floor (and log it). They are one of several operations that I've noticed who have taken it upon themselves to poke at open (and closed) ports without bothering to ask. Assuming for a moment the most charitable interpretation of their collective actions -- that they are earnest researching problems with the intention of helping to solve them -- this is still highly problematic for two reasons: 1. They didn't ask permission. 2. Whether they realize it or not, they're building a target. When, not if, their results database(s) are compromised, they will have furnished the attackers with a comprehensive target list, painstakingly gathered at no cost to them and thoughtfully annotated with whatever metadata has been collected. ---rsk