shadowserver.org

• Previous message (by thread): shadowserver.org
• Next message (by thread): shadowserver.org
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jun 28, 2021 at 9:22 AM Tom Beecher <beecher at beecher.cc> wrote:
> Shadowserver is constantly doing all kinds of port scanning and penetration attempts globally, have been for many years.

They conduct probes and queries that are basically routine
communications against IP Address Port pairs that have been routed on
the public internet. There is nothing I have seen / No evidence of
shadowserver specifcally ever conducting a penetration attempt  or
other actual abuse,  such as attempting to gain access to computers or
data beyond reports on publicly-accessible services would be, but
please do show more details if that could be the case now..

There are many parties who do scans and send basic queries for reasons
that have nothing to do with penetrating or attempting to penetrate
anything -- those are just queries.  For example DNS query to port 53,
in order to detect hosts that have a level of  service open to the
public like Open Resolvers, which service does not meet current
standard, or is a subset of hosts presenting a high risk to other
networks,  so that info. can be communicated to ISPs and upstream
providers to mitigate.

>
> On a residential connection as you describe, have something in place that drops anything from them, and move on with your day.
--
-Jim

• Previous message (by thread): shadowserver.org
• Next message (by thread): shadowserver.org
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]