Scanning the Internet for Vulnerabilities

Fernando Gont fgont at si6networks.com
Wed Jun 22 21:11:32 UTC 2022 

Hi,

While it's possible to have a discussion on the topic, I think that the 
only safe bet is that, when connected to the Internet, you'll definitely 
be subject to scanning.

I doubt there's much you want to do at a SOC about it unless it's a 
recurring situation involving a somewhat big traffic load -- in which 
case, you'd probably handle it as you'd do with a DoS attack.

Scans of one sort of another happen way to often to bother (or to afford 
to bother, if you wish) -- for instance, just a few days ago I was 
setting up an imap server, and happened to find the service being 
scanned by censys in terms of hours. For regular mass scans, you can 
normally block them proactively, via a number of feeds (abuseipdb, 
dshield, and others), if you find them as a nuissance or don't want to 
show up in the scanner's results.

As for targetted scans, the only safe bet is that you *will* be 
targetted.  So... keep the windows and doors locked. And, better, check 
if they actually are locked regularly.

Thanks,
Fernando




On 22/6/22 01:04, bzs at theworld.com wrote:
> 
> When I lock the doors etc to my home I'll often mutter "ya know, if
> someone is rattling my door knob I already have a big problem."
> 
> I suppose when I'm home it might give me a warning if I hear it.
> 
> There must be a metaphor in there somewhere.
> 
> I do recall as a teen noticing that one of the closed store's on the
> main drag's door was unlocked late one night walking home (this was in
> NYC.)
> 
> I saw a cop and told him and he scolded me angrily for rattling door
> knobs, I could be arrested for that! But verified it, looked around
> inside with his flashlight, and called it in.
> 
> I forget how I noticed but I wasn't in the habit of rattling stores'
> door knobs, I think the door was just a bit ajar.
> 
> There must be a metaphor in there somewhere.
> 
> On June 21, 2022 at 10:01 mpalmer at hezmatt.org (Matt Palmer) wrote:
>   > On Mon, Jun 20, 2022 at 02:18:30AM +0000, Mel Beckman wrote:
>   > > When researchers, or whoever, claim their scanning an altruistic service,
>   > > I ask them if they would mind someone coming to their home and trying to
>   > > open all the doors and windows every night.
>   >
>   > If there were a few hundred people with nefarious intent trying to open your
>   > doors and windows every night, someone doing the same thing with altruistic
>   > intent might not be such a bad thing.
>   >
>   > - Matt
> 

-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

More information about the NANOG mailing list