It's interesting to see the variety in responses to my email on both the
AMPR list and unicasted to me. From my perspective, I think it's
totally required for people running servers exposed to the Internet to
scan them and make sure they are only exposing what they expect. That
said, IMHO, those scans should *only* be run by me, at a rate I'm
expecting it, and when I expect it. This level of security detail is
arguably no one else's business. I like some of the "extreme"
analogies that vk2dgy came up with where someone is essentially turning
every doorknob, trying every window, etc. just to see if I missed something.
By companies exposing all this information publicly, they are
enabling bad actors to attack found misconfigured / possibly vulnerable
systems for malice, profit, etc. This is total crap and only makes the
Internet a more dangerous place.

Why did I personally notice this scanning traffic the other day? I have
my AMPR systems on a physically separate network switch so I can "see
the traffic" and just glancing at it, I could tell its
packet-per-second (PPS) rate was VERY high. I didn't measure it but it
was easily in the >100 PPS rate which was highly unusual. Yes, some
people will say "Welcome to the Internet... get used to it". That sucks
but I can't say I shouldn't expect that. What I can say is I DON'T
expect this on my AMPR tunnel. I don't think I should expect these
kinds of scans or any other form of common Internet spam on my AMPR
tunnel. Yes, I do have my IP listed in AMPR DNS which also tells the
UCSD AMPR GW to forward any Internet sourced Internet traffic to my IP.
I realize I can remove my AMPR IP from DNS to "fix" this but I find DNS
to be very useful. I also find having Internet access to my AMPR host
is occasionally useful as well but maybe I should just block the UCSD
AMPR IP address for everything except RIP updates.
--David
KI6ZHD

On 01/24/2023 03:47 PM, Tim Požar via 44net wrote:
I actually find the censys data useful. We have a /20 from ARIN and I
periodically look at what censys shows to see how the space is being
used or if we have some services that are showing up that shouldn't be.
Tim
On 1/24/23 1:26 PM, David Ranch via 44net wrote:
I was recently seeing a *lot* of scanning traffic from some of these
censys-scanner.com IPs on my AMPR subnet. Personally, I consider crap
like this as an attack yet people and companies think what they are
doing is completely OK. Grrrr.. I imagine a lot of other AMPR
subnets are also getting scanned which I don't think is OK. Maybe we
can get their subnets BLOCKED at the UCSD Internet gateway?
https://support.censys.io/hc/en-us/articles/360043177092-from-faq
--David
KI6ZHD