Russian Anal Probing + Malware

Rich Kulawiec rsk at gsp.org
Sun Jun 23 17:14:05 UTC 2019


On Fri, Jun 21, 2019 at 05:13:35PM -0700, Ronald F. Guilmette wrote:
> Is there anybody on this list who keeps firewall logs and who
> DOESN'T have numerous hits recorded therein from one or more
> of the following IP addresses?

Well, I *did*, but having noticed their activities and grown tired of
them, I now just drop their traffic on the floor (and log it).

They are one of several operations that I've noticed who have taken it
upon themselves to poke at open (and closed) ports without bothering
to ask.  Assuming for a moment the most charitable interpretation of
their collective actions -- that they are earnestly researching problems
with the intention of helping to solve them -- this is still highly
problematic for two reasons:

1. They didn't ask permission.

2. Whether they realize it or not, they're building a target.  When,
not if, their results database(s) are compromised, they will have
furnished the attackers with a comprehensive target list, painstakingly
gathered at no cost to them and thoughtfully annotated with whatever
metadata has been collected.

---rsk



More information about the NANOG mailing list