Re: Scanning the Internet for Vulnerabilities

[Fernando Gont <fgont () si6networks com>]

Hi, Ronald,

On 19/6/22 07:13, Ronald F. Guilmette wrote:
> I would like to solicit the opinions of network operators on the practice
> of scanning all of, or large chunks of the internet for known vulnerabilities.

Note: What's most usually done out there is scanning for ports, rather 
than for vulnerabilities.

That said, as noted by others, ports scans are kind of part of the echo 
system.

A vast number of them can be blocked proactively by e.g., feeding 
block-lists (e.g. abuseipdb's) dynamically into your firewalls' rulesets.


> In earlier times, this was generally viewed as being distinctly anti-social
> behavior, but perhaps attitudes have changed relative to earlier eras.
> I would thus like to know how people feel about it now, in 2022.

At the end of the day, the folks you should most likely be concerned 
about are the folks that won't even care about whether this is unsocial 
behavior.

For low-volume traffic, you can probably filter it out as discussed 
above, and, other than the possible noise, the scans shouldn't cause 
harm anyway (and if e.g. an IPv6 host scan is causing you neighbor cache 
exhaustion problems... that's an issue you need to deal with, anyway).

What's left probably falls into the DoS-like category... but is normally 
more targetted than sent to random networks/whole Internet.

Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont () si6networks com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492