As someone who uses censys scans a lot when doing research, I'd be very sad to see more networks blocking censys (or wasting effort blocking port scans in general).  I'm in network security and I don't bother to block these, even.  Unless it's actually interfering in some way with your operations, it is completely harmless and allows us to answer questions about what kinds of things people are doing with the Internet.

It is relatively easy to autoblock such scanners at a gateway due to the large address space that we have, and its relatively sparse use.
Once you notice a lot of incoming traffic on unallocated subnets, you know it is from a scanner.

Rob

On 1/24/23 22:26, David Ranch via 44net wrote:

I was recently seeing a *lot* of scanning traffic from some of these censys-scanner.com IPs on my AMPR subnet.  Personally, I consider crap like this as an attack yet people and companies think what they are doing is completely OK.  Grrrr..  I imagine a lot of other AMPR subnets are also getting scanned which I don't think is OK.  Maybe we can get their subnets BLOCKED at the UCSD Internet gateway?

_______________________________________________
44net mailing list -- 44net@mailman.ampr.org
To unsubscribe send an email to 44net-leave@mailman.ampr.org