nanog mailing list archives
Re: Scanning the Internet for Vulnerabilities
From: John Kristoff <jtk () dataplane org>
Date: Mon, 20 Jun 2022 08:28:31 -0500
On Sun, 19 Jun 2022 08:06:59 -0400 Dovid Bender <dovid () telecurve com> wrote:
I don't know who is doing it. I just know that IL Cert contacted our parent company which has an ISP in Israel when things were "hot".
Some national government infrastructure protection organizations will relay notifications to local provider networks (e.g., abuse@) based on reputable third-party surveyors (aka network scanner operators). I think it is safe to assume this is generally done as a public service, but perhaps with some mandates to measure and minimize risk within a country's borders.

Most providers will usually convey the notification in fairly strong language, usually demanding some sort of response and, if applicable, remediation. The reports can contain false positives (e.g., when scanners cannot differentiate between vulnerable systems and honeypots).

It isn't always clear based on the relayed reports who is running the scans, but in my experience Shadowserver is the most widely used and cited. There are of course lots of others running scans. Commercially, Greynoise tracks many of them. A research-based tracker is also available here:

<https://gitlab.com/mcollins_at_isi/acknowledged_scanners>

John