25 May
2018
25 May
'18
3:22 a.m.
I'm not at all sure that Shodan is blocked on amprgw. There are
more than 2,000 IP addresses that are blocked, with more being added
from time to time, plus there are a number of tcp and udp destination
ports that are blocked from all IP addresses, but there's no way
to be sure that these lists include all Shodan and other scanners.
I have found that most opt-out forms are a waste of time, if indeed
they don't have the opposite effect of inviting additional scanning.
- Brian
On Fri, May 25, 2018 at 09:38:07AM +0200, Rob Janssen wrote:
especially
before Shodan was
blocked on AMPR...
Has Shodan been blocked on amprgw or have they been convinced to stop scanning AMPRnet?
There are still various agressive scanners active from internet, and I have some scripts
to automatically add them to a blocklist but it still is an ever increasing load on the
network.
For example, "stretchoid.com" is an agressive scanner that changes addresses
all the time
(but does keep reverse-DNS records on their virtual servers so easy to identify).
They do have an opt-out form but it is a NOP.
(I have completed it 3 times at 1-month intervals but no reply and no effect on the
scanning...
maybe Brian should try it as he is listed in the whois as the owner of NET44)
Of course there are others, like security.ipip.net and binaryedge.ninja. Plus the many
many other scanners, "researchers", etc.
Rob