To help prevent this from affecting AMPRNet systems, I am now blocking inbound port 16992 at the amprgw gateway. I hope this won't cause you any difficulties.
Thanks for the hint. It is surprisingly difficult to get technical information from the Intel documents. Do you block TCP only or also UDP? And what about ports 16993 and 16994? (and maybe even 623 and 664?)
The nice thing about such new vulnerabilities is that they allow you to identify the aforementioned scanners and put them on the permanent blacklist. Aside from shodan.io (that were already on the blocklist) I also see 52.174.52.33 census01.project-magellan.com Yet another annoying "research" project...
You could try to get 44.0.0.0/8 opted out via research@project-magellan.com
Rob