shadowserver.org

Doug McIntyre merlyn at geeks.org
Mon Jun 28 18:56:36 UTC 2021


On Mon, Jun 28, 2021 at 07:42:11PM +0300, Nathaniel Ferguson wrote:
> I thought I'd add because it seems relevant and this is a pet peeve of my own,
> but with some notable exceptions-- anymore you can more or less think of a port
> scan as generally being a network diagnostic of some sort. Most of the stuff
> that says it's a precursor to an attack is outdated...


I'd say my public facing servers are under constant attack of some level of utility.

I.e., my honeypot email servers collect 100k+ connections a day each,
that don't have any MX pointing to them, their only sin is being up and
listening to port 25. They can't process a single email in or out.

My web servers have a constant barrage of accesses that aren't hitting
valid URIs.  Sometimes they hit on some pattern that starts forming a
small DoS on them and I have to go block or auto-block them.

The white-hat scanners like Shodan or Shadowserver are a small drop in
the bucket compared to the malicious scans that constantly are going
on.  Perhaps it is easier to find Shodan or Shadowserver as they are
fairly consistent and easily identifiable, vs. the constant E2C or
other fly-by-night cloud services being abused.


More information about the NANOG mailing list