[EXTERNAL] RE: shadowserver.org

• Previous message (by thread): shadowserver.org
• Next message (by thread): Google Geo Location Issues
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If you want to identify which peering links are sending you spoofed DDoS amplification request traffic and which (Shadowserver identified) IPs in your network the traffic is going to, please take a look at my Tattle Tale project: https://github.com/racompton/tattle-tale
Identify which peers are sending you the spoofed UDP amplification traffic and "encourage" them to follow BCP 38/84! 
The project has this file to identify legitimate scanning traffic: https://github.com/racompton/tattle-tale/blob/main/logstash/conf.d/81-filter-scanners.conf

-Rich

On 6/28/21, 1:29 PM, "NANOG on behalf of Jean St-Laurent via NANOG" <nanog-bounces+rich.compton=charter.com at nanog.org on behalf of nanog at nanog.org> wrote:

    CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.

    Great list. 

    ShadowServer is there twice on page 7. They must be noisy 😉

    Jean

    -----Original Message-----
    From: NANOG <nanog-bounces+jean=ddostest.me at nanog.org> On Behalf Of Hank Nussbacher
    Sent: June 28, 2021 2:50 PM
    To: nanog at nanog.org
    Subject: Re: shadowserver.org

    > What is the difference between shodan.io and shadowserver.org ? Jean
    Just those 2?  Greynoise maps them all.  See an old preso from 2018:
    https://www.slideshare.net/andrewwantsyou/identifying-and-correlating-internetwide-scan-traffic-to-newsworthy-security-events
    See slide 7 for a 4 year old list which has only grown :-)

    -Hank





E-MAIL CONFIDENTIALITY NOTICE: 
The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.

• Previous message (by thread): shadowserver.org
• Next message (by thread): Google Geo Location Issues
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]