Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 28 Jan 2016 08:56:25 -0800
From: "Zach W." <kestrel@...linux.us>
To: oss-security@...ts.openwall.com
Subject: Re: Re: [Pool] shodan.io actively infiltrating ntp.org
 IPv6 pools for scanning purposes

> shodan.io are the bad guys!  block them wherever possible, put them in
> default blocklists suggested
> for firewalls, etc.
>
> these guys really don't care.   when submitting networks for
> exclusion, they reply as if they will do something,
> sometimes the scanning may pause for a day or a week, then it always
> comes back.
This is simply not true and this is the first case that I've heard of
this happening. They DO care and they typically respond very well. I
will be contacting you off-list to resolve this.

Zach W.


On 1/27/2016 8:36 AM, Rob Janssen wrote:
> Luca BRUNO wrote:
>> [cross-posted to pool-ntp and oss-sec]
>>
>>
>> For ntp.org admins: can those rogue server be expunged from the
>> pools, and the whole
>> shodan.io situation clarified?
>
> shodan.io are the bad guys!  block them wherever possible, put them in
> default blocklists suggested
> for firewalls, etc.
>
> these guys really don't care.   when submitting networks for
> exclusion, they reply as if they will do something,
> sometimes the scanning may pause for a day or a week, then it always
> comes back.
>
> Rob

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ