nanog mailing list archives
Re: Russian Anal Probing + Malware
From: Randy Bush <randy () psg com>
Date: Sun, 23 Jun 2019 14:23:01 -0700
>> It's just a port/vulnerability scanner, I really don't see anything
>> special about this particular case.
>
> they are pushing exploits. trying to RCE, wget a binary, chmod 777 on
> routers and rm -rf files. this goes way beyond scanner and into
> criminal trespass and destruction of property.
>
> https://twitter.com/JayTHL/status/1128700101675954176

having trouble following the attribution. yes, of course there are folk trying to exploit. but missing the link that *these* folk are.

e.g. i am aware of researchers scanning to see patching spread and trying to make a conext paper dreadline this week or infocom next month.

hard to tell the sheep from the goats and the wolf from the sheep.

i get the appended. sheep or wolf? i sure do not claim to be smart enough to know. but i sure am glad others are </snark>.

randy

---

Jun 20 18:53:23 winnti-scanner-victims-will-be-notified.threatsinkhole.com �V�Dz/�
Jun 20 18:53:23 ran rsyslogd: imtcp imtcp: Framing Error in received TCP message from peer: (hostname) winnti-scanner-victims-will-be-notified.threatsinkhole.com, (ip) winnti-scanner-victims-will-be-notified.threatsinkhole.com: delimiter is not SP but has ASCII value -51. [v8.32.0]
Jun 20 18:53:55 winnti-scanner-victims-will-be-notified.threatsinkhole.com �t�C� #000F#000#000#000#000#000����#000#000#000#000#001#004F#000#000#000#003#010�=)�#027�$��#000#000#000#000#000++#000#000#000#000(#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#001#001#000#000#000#000#026#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#004#000#000#000#000#000#000#000#000#000#004#000#000#000#000