Those Scans from 18.171.7.246 and 35.177.10.231 are the UK Gov't

raindog308

The British government is scanning the Internet (or at least what they perceive as the UK part of it).

You can opt out.

BlaZe

lol

emg

Unwritten:

Will the UK government try to inform and assist UK businesses with exploitable vulnerabilities?
(My guess: Not initially and probably never.)

Did the UK government add "A hostile foreign government or hacking group steals the database with the vulnerabilities list for UK businesses" to its cybersecurity risk assessment and mitigation plans?
(My guess: No. Did they consider it? My guess: Yes, but they are not concerned. After all, they are the UK government and they have the best cyber security experts available, so the chances that the database could be hacked are too remote to be a concern.)

jar

I mean, just to save them some trouble in case they accidentally target the wrong servers:

root@gw:~# for i in 18.171.7.246 35.177.10.231; do darun ip route add blackhole $i && cprun ip route add blackhole $i; done

tjn

Don't the Germans do something similar?
I remember receiving emails from the Federal Office for Information Security (BSI) via Hetzner support for some of my dedi's with them.

Edit: I guess it isn't hugely different to something like Shodan.

FatGrizzly

Scanning the internet means, scanning the UK IPS and networks or the entire internet?

DP

IIRC, HD Moore did something similar many years ago, but it was the entire Internet I believe - for research purposes of course

Neoon

@emg said:
Unwritten:

Will the UK government try to inform and assist UK businesses with exploitable vulnerabilities?
(My guess: Not initially and probably never.)

NSA and GCHQ still exist, they at least here do it publicly so I guess yes.

bulbasaur

@tjn said: Don't the Germans do something similar?

Yup, one of the things that they look is telnet banners on port 23. I received a notice once for running a honeypot.

emg

@stevewatson301 said:

Yup, one of the things that they look is telnet banners on port 23. I received a notice once for running a honeypot.

... and how did they find you to send that notice?

tjn

@emg said:

@stevewatson301 said:

Yup, one of the things that they look is telnet banners on port 23. I received a notice once for running a honeypot.

... and how did they find you to send that notice?

It automatically gets dispatched to the owner of the IP address, the ISP/provider then forward it on to the relevant client.

AllHost_Rep

They've been doing this for years. We (a datacentre) get a .csv every morning with a list of IP addresses on it that is running a service that is vulnerable to a known exploit.

TimboJones

@tjn said:
Don't the Germans do something similar?
I remember receiving emails from the Federal Office for Information Security (BSI) via Hetzner support for some of my dedi's with them.

Edit: I guess it isn't hugely different to something like Shodan.

Reasonable ISP's have been doing this for a decade or more since DNS and SNMP amplification attacks years ago.

To get a notice from UK Gov saying port 161 or something is open and potential attack vector and the likes is good for everyone. Full. Stop.

Chinese government is doing it. It's just common sense to do it yourself but actually try and prevent attacks.