Russian Anal Probing + Malware
Ronald F. Guilmette
rfg at tristatelogic.com
Sun Jun 23 05:51:58 UTC 2019
In message <f2682032aa620f49aa50b30579a9357f at mail.dessus.com>,
"Keith Medcalf" <kmedcalf at dessus.com> wrote:
>On Friday, 21 June, 2019 18:14, Ronald F. Guilmette <rfg at tristatelogic.=
>com> wrote:
>
>> https://twitter.com/GreyNoiseIO/status/1129017971135995904
>> https://twitter.com/JayTHL/status/1128718224965685248
>
>Sorry, don't twitter ... Too much malicious JavaScript there.
Can you be more, um, specific?
>>80.82.64.21 scanner29.openportstats.com
>>...
>
>Why do you think it is a problem and not just run-of-the-mill background
>radiation on the Internet?
It's not a problem for me personally... other than the fact that these
goofballs are filling up my log files to no good end. I just wanted
others to be aware of this (apparently ongoing) garbage.
And I wouldn't want anyone to be fooled by the mere fact that this
openportstats.com domain has a sort-of a web site. It's still 100%
illegitimate.
>Do you (or your endpoints) not have a firewall to block such things?
I do, and I hope everyone else does also.
>What malware slinging? I see none of that.
You didn't look at the Twitter reports.
>> https://bit.ly/2ZBayc4
>
>Malicious link detected.
If you say so. (It's actually just a cute picture.)
Regards,
rfg
More information about the NANOG
mailing list