Russian Anal Probing + Malware

• Previous message (by thread): FCC webinar: Network resiliency for small and rural communication providers
• Next message (by thread): Russian Anal Probing + Malware
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    https://twitter.com/GreyNoiseIO/status/1129017971135995904
    https://twitter.com/JayTHL/status/1128718224965685248

Friday Questionaire:

Is there anybody on this list who keeps firewall logs and who
DOESN'T have numerous hits recorded therein from one or more
of the following IP addresses?

80.82.64.21 scanner29.openportstats.com
80.82.70.2 scanner8.openportstats.com
80.82.70.198 scanner21.openportstats.com
80.82.70.216 scanner13.openportstats.com
80.82.78.104 scanner151.openportstats.com
89.248.160.132 scanner15.openportstats.com
89.248.162.168 scanner5.openportstats.com
89.248.168.62 scanner1.openportstats.com
89.248.168.63 scanner2.openportstats.com
89.248.168.73 scanner3.openportstats.com
89.248.168.74 scanner4.openportstats.com
89.248.168.170 scanner17.openportstats.com
89.248.168.196 scanner16.openportstats.com
89.248.171.38 scanner7.openportstats.com
89.248.171.57 scanner20.openportstats.com
89.248.172.18 scanner25.openportstats.com
89.248.172.23 scanner27.openportstats.com
93.174.91.31 scanner10.openportstats.com
93.174.91.34 scanner11.openportstats.com
93.174.91.35 scanner12.openportstats.com
93.174.93.98 scanner18.openportstats.com
93.174.93.149 scanner6.openportstats.com
93.174.93.241 scanner14.openportstats.com
93.174.95.37 scanner19.openportstats.com
93.174.95.42 scanner8.openportstats.com
94.102.51.31 scanner31.openportstats.com
94.102.51.98 scanner55.openportstats.com
94.102.52.245 scanner9.openportstats.com


NOTE:  Dshield has already assigned an 8 rating on their Badness Richter
Scale to the specific one of the above addresses that's been poking me
personally in recent days:

    https://www.dshield.org/ipinfo.html?ip=89.248.162.168
    https://www.dshield.org/ipdetails.html?ip=89.248.162.168

And the Dshield rating is *just* based on the probing.  The addition of
malware slinging also puts this whole mess over the top entirely.

Oh!  And I'll save you all the time looking it up.... 100% of the IPs
listed above are on AS202425 "IP Volume, Inc. allegedly of the Seychelles
Islands, where the employees and management are no doubt enjoying their
luxurious and expansive new corporate headquarters...

    https://bit.ly/2ZBayc4


Regards,
rfg


P.S.  This is the kind of thing that everybody really should expect
when the U.S. Department of Defense takes it upon itself to start up
its own little private and unauthorized (cyber)war on Russia, wthout
first obtaining the consent of Congress... you know, kinda like that
ancient yellowed document that nobody in this country reads anymore
says they should.  And apparently, the DoD was understandably not
anxious to brief even the President about all this...

https://www.businessinsider.com/us-officials-hide-russia-cyber-operation-trump-2019-6

(Not that anybody can really blame them for THAT.)

• Previous message (by thread): FCC webinar: Network resiliency for small and rural communication providers
• Next message (by thread): Russian Anal Probing + Malware
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]