Port Scans from Hostslick - Page 2

Comments

  • @Adam1 said:
    Free advertising for them, anyways

    sorry, no politics

  • HostSlick Member, Patron Provider
    edited September 2020

    Hello,

    There's a lot of restrictions etc etc for this customer. This is actually NOT a Hacking attempt. The 80+ dedicated servers themselves are not in our Main Location and ips are not announced under our own ASN.

    Once a vuln is found, it's reported to the ISPs in question. The script automatically gets the email contact out of the WHOIS.

    I cannot provide any info about that customer however due to data protection but I can assure you there's nothing malicious/shady. It's a real company behind it. There's a big white list and the servers have advanced precaution scripts etc. They also sync this white list. Every 24h. There's a big whitelist and precaution system and Customer also whitelist complete AT&T /18. Or some other /17 I see here. ASN owners can have their whole ASN excluded/whitelist/opted out or however you want to call it.

    There was indeed already a lot of vulns reported to ISPs/ASNs.

    However I heard from the customer that this system still is in development, so if you continuously have those please contact [email protected] or our [email protected].

    All email for [email protected] also go CC to our abuse@ for us to ensure all will be taken care of. Also we have access to this request@. As well we have control over the list to make sure anytime you won't be annoyed.
    As said, there's a lot of restrictions and we made sure this is nothing malicious.

    Currently their project is pushing 26Gbit on average, there would be a real problem if it would be malicious.

    It will be taken care of and your ip (or ip subnet(s) of course) to be whitelisted 100%

    A proper website with better explanation etc etc will come soon I heard.

    Why hasn't OP made contact at all though?

    Other is left up to you and your thoughts.

    thanks.

    Thanked by 3jar Abd MarshalChe
  • HostSlick Member, Patron Provider

    @1606234 said:
    Is there a connection between hostslick and hostslim? It is very odd that hostslick has the same company naming scheme as host slim "(first two of first name + first three of surname) + investments", this makes no sense unless they are very tightly related.

    https://bgp.he.net/net/79.124.8.0/24#_whois

    https://bgp.he.net/net/103.219.154.0/24#_whois

    I receive many probes from this block too.

    HostSlick is a different company than HostSlim. Different operators. Not related to each other.
    However we also house some Racks and own Router, Network etc with hundreds of servers in HostSlim Datacenter in The Netherlands (not related to the customers project)

  • @HostSlick said: Why hasn't OP made contact at all though?

    Why would OP make contact with an unnamed, no impressum, no academic disclosures or ethics board information? First thing you learn is you don't click unsubscribe links on unwanted spam.

  • @HostSlick said: HostSlick is a different company than HostSlim. Different operators. Not related to each other.

    I think he was referring to how weird it is that a customer or colo client or reseller would make a company name named after the upstream (Makut Investment / Rakar Investment where both are the first few letters of the name)

  • jar Patron Provider, Top Host, Veteran
    edited September 2020

    @hzr said:

    @HostSlick said: Why hasn't OP made contact at all though?

    Why would OP make contact with an unnamed, no impressum, no academic disclosures or ethics board information? First thing you learn is you don't click unsubscribe links on unwanted spam.

    Yeah you wouldn’t want to accidentally confirm that your IP address is legit and exists. That’s why it’s always best to firewall off every port and ICMP to 0.0.0.0/0 and change the WHOIS details to claim its RFC 1918 space.

  • @jar said: Yeah you wouldn’t want to accidentally confirm that your IP address is legit and exists...

    At least imo there's a difference between something like http://researchscan1.eecs.berkeley.edu and an "offshore nulled hosting" spewing high pps garbage at you

  • jar Patron Provider, Top Host, Veteran

    @hzr said:

    @jar said: Yeah you wouldn’t want to accidentally confirm that your IP address is legit and exists...

    At least imo there's a difference between something like http://researchscan1.eecs.berkeley.edu and an "offshore nulled hosting" spewing high pps garbage at you

    What evil do you think they might do if you ask them to exclude your IP?

    Thanked by 1pedagang
  • @SCAM_DONT_BUY said:

    @raindog308 said: Can you DM me as well? I don't see anything on HostSlick's site about this, so I'd like to state publicly whether this is legit or not.

    There is no need for any DMs, you can literally google for this.

    The problem is, there is absolutely no need to call anyone out on things like this, because there are way too many users here to defend their favourite hosts, whatever wrong they're doing.

    Love how HostSlick dodges this, in acceptance? 😏

  • SCAM_DONT_BUY Member
    edited September 2020

    @snt said: Love how HostSlick dodges this, in acceptance? 😏

    They dodge it because they know I can't win. :) Same goes for RackNerd nowadays. They don't even care if you name them AlphaRacks anymore. Whatever. :)

  • case closed B) :p :p

  • jar Patron Provider, Top Host, Veteran
    edited September 2020

    @snt said: Love how HostSlick dodges this

    Maybe get a few thousand retweets and you can get them cancelled.

    I don't even know who this host is, I just think this is a stupid thing to complain about because it feels like security theater (the idea that port scans are what stand between you and security), opt-in victimization (over reporting by choice, also known as “I didn’t tweak CSF from its obscene defaults”), and theoretical wrongdoings (the unprecedented idea that an opt out request results in being the recipient of an unknown evil intent with no evidence of similar cases occurring). Reminds me of this:

    [image]

    Feels like I remember a time when netizens worked together and didn’t mind talking directly to people they took issue with, but cancel culture has consumed every corner of the internet now. Anytime it’s true that “this can only hurt me if I let it” then that represents an opportunity to let something roll off your back.

    And now I realize I’m doing no one any favors because in my efforts to not over complain in 2020 I’ve instead complained about complainers. Being a better person this year is really hard. I sure hope more join me in trying though, fail as we may.

    Thanked by 2HostSlick skorous
  • Nyr Community Contributor, Veteran
    edited September 2020

    If you don't want to be port scanned, you probably shouldn't expose that server to the public internet.

    I can't think of many worse ways to lose lifetime than reporting port scan "abuse".

  • pedagang Member
    edited September 2020

    fail2ban&CSF @ thanks

    Thanked by 1HostSlick
  • DP Administrator, The Domain Guy

    If you ever need to appear busy, those logs will be useful.

  • @Nyr said:
    If you don't want to be port scanned, you probably shouldn't expose that server to the public internet.

    I can't think of many worse ways to lose lifetime than reporting port scan "abuse".

    If you saw people you didn't know walking around your neighborhood just trying to open the front door without knocking, what would you do? I mean, it's just inevitable they'll reach a door that was unlocked and then they fuck up the house.

    You can say, "well, their fault, they left the door unlocked". But then who gets upset when they move in, squat there with their fucking loser friends and have loud music parties all night long with used condoms and needles on your lawn the next morning?

    I'm not the police, but I generally am not going to stand around and let assholes try and get into my shit. They can get off my motherfucking lawn.

    It's this "why bother" attitude that enables them. Those that profit from others' criminal activity should bear the hassles of aiding the criminals. Send abuse reports right up their asses.

    We've enacted laws to prevent spam, telemarketing and door to door sales because we really don't want to be bothered without our permission or a good and necessary reason. Port scanning is same shit, different medium. Don't help the cunts by treating them differently and giving them a free pass. You might as well stock up on lube and bend over if you're going to be like that.

    Thanked by 2chip AlwaysSkint
  • jar Patron Provider, Top Host, Veteran
    edited September 2020

    @TimboJones said: You might as well stock up on lube and bend over if you're going to be like that.

    If I've learned anything on the internet it's that comparing innocuous things to unwanted anal sex is a clear indication that someone is overreacting.

  • @TimboJones said: .. door to door sales..

    Totally off piste. This reminded me of the "No solicitors" sign outside one of my apartments in the States. Here, a solicitor is a lawyer. :|

  • @jar said:

    @TimboJones said: You might as well stock up on lube and bend over if you're going to be like that.

    If I've learned anything on the internet it's that comparing innocuous things to unwanted anal sex is a clear indication that someone is overreacting.

    Anal sex is awesome (I'm sure we can all agree), its reference to 'bending over and taking it without complaining' that is the point.

  • @TimboJones said:
    If you saw people you didn't know walking around your neighborhood just trying to open the front door without knocking, what would you do? I mean, it's just inevitable they'll reach a door that was unlocked and then they fuck up the house.

    If you want to do stupid comparisons I have one for you that will represent it better.
    Somebody rides a car through the neighborhood and looks at houses, if you don't look actively for that you will never notice that. You can close your curtains but that will not stop the car. So you decide to call the police because you feel harassed by that car even though nothing happened at all.

    Sounds ridiculous enough?

    I start to understand why many providers move their abuse reporting on a webpage with a captcha

  • pedagang Member
    edited September 2020

    .

  • When a stranger pulls the door handle of your car in front of you, will you ask why he's doing that? To me, port scans are like pulling my car's door handle, and my reporting is to ask why the scanner did that.

    While some scanners are claimed to be security researchers as I am told by Amazon EC2, Linode, etc., some are really compromised computers abused by hackers. My reports let the victims be aware of that and fix their systems, protecting their privacy in the end. If you value data privacy and have idle VPSes, perhaps you could do the same.

    I do give my IP lists to those security researchers to stop receiving their connection attempts in the future. It does work sometimes.

  • @user54321 said:

    @TimboJones said:
    If you saw people you didn't know walking around your neighborhood just trying to open the front door without knocking, what would you do? I mean, it's just inevitable they'll reach a door that was unlocked and then they fuck up the house.

    If you want to do stupid comparisons I have one for you that will represent it better.
    Somebody rides a car through the neighborhood and looks at houses, if you don't look actively for that you will never notice that. You can close your curtains but that will not stop the car. So you decide to call the police because you feel harassed by that car even though nothing happened at all.

    Sounds ridiculous enough?

    I start to understand why many providers move their abuse reporting on a webpage with a captcha

    whoosh

    Your comparison is wrong. Think that the same car circled your house several times, checking where your windows are, the gates, the garage door, and who comes and goes from your house.

  • @chihcherng said:
    When a stranger pulls the door handle of your car in front of you, will you ask why he's doing that? To me, port scans are like pulling my car's door handle, and my reporting is to ask why the scanner did that.

    Ok, this example is simplest and works, so it wins.

    While some scanners are claimed to be security researchers as I am told by Amazon EC2, Linode, etc., some are really compromised computers abused by hackers. My reports let the victims be aware of that and fix their systems, protecting their privacy in the end. If you value data privacy and have idle VPSes, perhaps you could do the same.

    I do give my IP lists to those security researchers to stop receiving their connection attempts in the future. It does work sometimes.

    There's exceptions to telemarketing and door to door solicitation such as politics, charity, research, etc. Having a system that is able to alert you if your system has open dns resolver, malware bot infection, public snmp equipment, etc would be in the best interest of the general public and would have full public disclosure and opt out systems. I'm ok with that.

    But malicious traffic should be properly reported, we just need better IDS systems that obtain sufficient evidence and properly report all details. Everyone has their own systems, there needs to be an RFC for universal reporting process.

    IPBan looks like it's heading that way. Was running it for a bit but ran into a bug and had to quit testing but will go back to it when I have time.

    https://github.com/DigitalRuby/IPBan
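
On the point above about reports carrying sufficient evidence, here is an added example (not part of any post in this thread, and not IPBan's code) that turns firewall log lines into a per-source scan summary. It assumes netfilter/UFW-style kernel log lines; the sample lines, the `min_ports` threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed, abbreviated lines in netfilter/UFW kernel-log style (documentation IPs).
SAMPLE_LOG = """\
Sep 12 03:14:07 vps kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=40 PROTO=TCP SPT=51000 DPT=22 SYN
Sep 12 03:14:07 vps kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=40 PROTO=TCP SPT=51000 DPT=23 SYN
Sep 12 03:14:08 vps kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=40 PROTO=TCP SPT=51000 DPT=80 SYN
Sep 12 03:14:08 vps kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40112 DPT=22 SYN
Sep 12 03:14:09 vps kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=40 PROTO=TCP SPT=51000 DPT=443 SYN
Sep 12 03:14:09 vps kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40113 DPT=22 SYN
Sep 12 03:14:10 vps kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.200 DST=198.51.100.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Sep 12 03:14:11 vps kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=40 PROTO=TCP SPT=51000 DPT=3389 SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) .*?\bSRC=(?P<src>\S+) DST=(?P<dst>\S+)"
    r".*?\bPROTO=(?P<proto>\w+)\b.*?\bDPT=(?P<dpt>\d+)"
)

def summarize_scans(log_text, min_ports=4):
    """Return evidence per source that was blocked on >= min_ports distinct ports."""
    seen = defaultdict(lambda: {"ports": set(), "hits": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # lines without a destination port (e.g. ICMP) are not port probes
        ev = seen[m["src"]]
        ev["ports"].add((m["proto"], int(m["dpt"])))
        ev["hits"] += 1
        ev["first"] = ev["first"] or m["ts"]
        ev["last"] = m["ts"]
    # Repeated hits on one port (like 192.0.2.77 on 22) are not counted as a scan.
    return {src: {**ev, "ports": sorted(ev["ports"])}
            for src, ev in seen.items() if len(ev["ports"]) >= min_ports}

def render_report(src, ev):
    """One evidence line suitable for pasting into an abuse report."""
    ports = ", ".join(f"{proto}/{port}" for proto, port in ev["ports"])
    return (f"Source {src}: {ev['hits']} blocked packets to {len(ev['ports'])} distinct ports "
            f"({ports}) between {ev['first']} and {ev['last']} (server local time)")

if __name__ == "__main__":
    for src, ev in summarize_scans(SAMPLE_LOG).items():
        print(render_report(src, ev))
```
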

  • @TimboJones said:

    @user54321 said:

    @TimboJones said:
    If you saw people you didn't know walking around your neighborhood just trying to open the front door without knocking, what would you do? I mean, it's just inevitable they'll reach a door that was unlocked and then they fuck up the house.

    If you want to do stupid comparisons I have one for you that will represent it better.
    Somebody rides a car through the neighborhood and looks at houses, if you don't look actively for that you will never notice that. You can close your curtains but that will not stop the car. So you decide to call the police because you feel harassed by that car even though nothing happened at all.

    Sounds ridiculous enough?

    I start to understand why many providers move their abuse reporting on a webpage with a captcha

    whoosh

    Your comparison is wrong. Think that the same car circled your house several times, checking where your windows are, the gates, the garage door, and who comes and goes from your house.

    yes 2 times a day, as the dude travels to their workplace and then back home :D and there are so many cars that do pass your house and you report them all.
    And do you know what happens if you do that? The Police will ignore all reports from you and they will force you into a mental hospital because of paranoia.

    If you want to go that route feel free.

    Thanked by 1jar
  • I bet next comparison would be about sisters.
