Comments
sorry, no politics
Hello,
There's a lot of restrictions etc etc for this customer. This is actually NOT a Hacking attempt. The 80+ dedicated servers themselves are not in our Main Location and the IPs are not announced under our own ASN.
Once a vuln is found, it's reported to the ISPs in question. The script automatically gets the email contact out of the WHOIS.
I cannot provide any info about that customer however due to data protection but I can assure you there's nothing malicious/shady. It's a real company behind it. There's a big white list and the servers have advanced precaution scripts etc. They also sync this white list. Every 24h. There's a big whitelist and precaution system and the customer also whitelists a complete AT&T /18. Or some other /17 I see here. ASN owners can have their whole ASN excluded/whitelisted/opted out or however you want to call it.
There were indeed already a lot of vulns reported to ISPs/ASNs.
However I heard from the customer that this system still is in development, so if you continuously have those please contact [email protected] or our [email protected].
All email for [email protected] also go CC to our abuse@ for us to ensure all will be taken care of. Also we have access to this request@. As well we have control over the list to make sure anytime you won't be annoyed.
As said, there's a lot of restrictions and we made sure this is nothing malicious.
Currently their project is pushing 26Gbit on average, there would be a real problem if it would be malicious.
It will be taken care of and your IP (or IP subnet(s) of course) will be whitelisted 100%
A proper website with better explanation etc etc will come soon I heard.
Why hasn't OP made contact at all though?
Other is left up to you and your thoughts.
thanks.
HostSlick is a different company than HostSlim. Different operators. Not related to each other.
However we also house some Racks and own Router, Network etc with hundreds of servers in HostSlim Datacenter in The Netherlands (not related to the customers project)
Why would OP make contact with an unnamed, no impressum, no academic disclosures or ethics board information? First thing you learn is you don't click unsubscribe links on unwanted spam.
I think he was referring to how weird is that a customer or colo client or reseller would make a company name named after the upstream (Makut Investment / Rakar Investment where both are the first few letters of the name)
Yeah you wouldn’t want to accidentally confirm that your IP address is legit and exists. That’s why it’s always best to firewall off every port and ICMP to 0.0.0.0/0 and change the WHOIS details to claim its RFC 1918 space.
At least imo there's a difference between something like http://researchscan1.eecs.berkeley.edu and an "offshore nulled hosting" spewing high pps garbage at you
What evil do you think they might do if you ask them to exclude your IP?
Love how HostSlick dodges this, in acceptance? 😏
They dodge it because they know I can't win. Same goes for RackNerd nowadays. They don't even care if you name them AlphaRacks anymore. Whatever.
case closed
Maybe get a few thousand retweets and you can get them cancelled.
I don't even know who this host is, I just think this is a stupid thing to complain about because it feels like security theater (the idea that port scans are what stand between you and security), opt-in victimization (over reporting by choice, also known as “I didn’t tweak CSF from its obscene defaults”), and theoretical wrongdoings (the unprecedented idea that an opt out request results in being the recipient of an unknown evil intent with no evidence of similar cases occurring). Reminds me of this:
Feels like I remember a time when netizens worked together and didn’t mind talking directly to people they took issue with, but cancel culture has consumed every corner of the internet now. Anytime it’s true that “this can only hurt me if I let it” then that represents an opportunity to let something roll off your back.
And now I realize I’m doing no one any favors because in my efforts to not over complain in 2020 I’ve instead complained about complainers. Being a better person this year is really hard. I sure hope more join me in trying though, fail as we may.
If you don't want to be port scanned, you probably shouldn't expose that server to the public internet.
I can't think of many worse ways to lose lifetime than reporting port scan "abuse".
fail2ban&CSF @ thanks
If you ever need to appear busy, those logs will be useful.
If you saw people you didn't know walking around your neighborhood just trying to open the front door without knocking, what would you do? I mean, it's just inevitable they'll reach a door that was unlocked and then they fuck up the house.
You can say, "well, their fault, they left the door unlocked". But then who gets upset when they move in, squat there with their fucking loser friends and have loud music parties all night long with used condoms and needles on your lawn the next morning.
I'm not the police, but I generally am not going to stand around and let assholes try and get into my shit. They can get off my motherfucking lawn.
It's this "why bother" attitude that enables them. Those that profit from others' criminal activity should bear the hassles of aiding the criminals. Send abuse reports right up their asses.
We've enacted laws to prevent spam, telemarketing and door to door sales because we really don't want to be bothered without our permission or a good and necessary reason. Port scanning is same shit, different medium. Don't help the cunts by treating them differently and giving them a free pass. You might as well stock up on lube and bend over if you're going to be like that.
If I've learned anything on the internet it's that comparing innocuous things to unwanted anal sex is a clear indication that someone is overreacting.
Totally off piste. This reminded me of the "No solicitors" sign outside one of my apartments in the States. Here, a solicitor is a lawyer.
Anal sex is awesome (I'm sure we can all agree), it's the reference to 'bending over and taking it without complaining' that is the point.
If you want to do stupid comparisons I have one for you that will represent it better.
Somebody rides a car through the neighborhood and looks at houses, if you don't look actively for that you will never notice that. You can close your curtains but that will not stop the car. So you decide to call the police because you feel harassed by that car even though nothing happened at all.
Sounds ridiculous enough?
I start to understand why many providers move their abuse reporting on a webpage with a captcha
.
When a stranger pulls the door handle of your car in front of you, will you ask why he's doing that? To me, port scans are like pulling my car's door handle, and my reporting is to ask why the scanner did that.
While some scanners are claimed to be security researchers as I am told by Amazon EC2, Linode, etc., some are really compromised computers abused by hackers. My reports let the victims be aware of that and fix their systems, protecting their privacy in the end. If you value data privacy and have idle VPSes, perhaps you could do the same.
I do give my IP lists to those security researchers to stop receiving their connection attempts in the future. It does work sometimes.
whoosh
Your comparison is wrong. Think that the same car circled your house several times, checking where your windows are, the gates, the garage door, and who comes and goes from your house.
Ok, this example is simplest and works, so it wins.
There's exceptions to telemarketing and door to door solicitation such as politics, charity, research, etc. Having a system that is able to alert you if your system has open dns resolver, malware bot infection, public snmp equipment, etc would be in the best interest of the general public and would have full public disclosure and opt out systems. I'm ok with that.
But malicious traffic should be properly reported, we just need better IDS systems that obtain sufficient evidence and properly report all details. Everyone has their own systems, there needs to be an RFC for a universal reporting process.
IPBan looks like it's heading that way. Was running it for a bit but ran into a bug and had to quit testing but will go back to it when I have time.
https://github.com/DigitalRuby/IPBan
yes 2 times a day, as the dude travels to their workplace and then back home and there are so many cars that do pass your house and you report them all.
And do you know what happens if you do that? The Police will ignore all reports from you and they will force you into a mental hospital because of paranoia.
If you want to go that route feel free.
I bet next comparison would be about sisters.