oss-sec mailing list archives

Re: Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes


From: "Zach W." <kestrel () trylinux us>
Date: Thu, 28 Jan 2016 08:56:25 -0800

> shodan.io are the bad guys! block them wherever possible, put them in
> default blocklists suggested for firewalls, etc.
>
> these guys really don't care. when submitting networks for exclusion,
> they reply as if they will do something, sometimes the scanning may
> pause for a day or a week, then it always comes back.

This is simply not true and this is the first case that I've heard of
this happening. They DO care and they typically respond very well. I
will be contacting you off-list to resolve this.

Zach W.


On 1/27/2016 8:36 AM, Rob Janssen wrote:
> Luca BRUNO wrote:
>> [cross-posted to pool-ntp and oss-sec]
>>
>> For ntp.org admins: can those rogue servers be expunged from the
>> pools, and the whole shodan.io situation clarified?
>
> shodan.io are the bad guys! block them wherever possible, put them in
> default blocklists suggested for firewalls, etc.
>
> these guys really don't care. when submitting networks for exclusion,
> they reply as if they will do something, sometimes the scanning may
> pause for a day or a week, then it always comes back.
>
> Rob

