Those Scans from 18.171.7.246 and 35.177.10.231 are the UK Gov't
raindog308
Administrator, Veteran
in General
The British government is scanning the Internet (or at least what they perceive as the UK part of it).
You can opt out.
Comments
lol
Unwritten:
Will the UK government try to inform and assist UK businesses with exploitable vulnerabilities?
(My guess: Not initially and probably never.)
Did the UK government add "A hostile foreign government or hacking group steals the database with the vulnerabilities list for UK businesses" to its cybersecurity risk assessment and mitigation plans?
(My guess: No. Did they consider it? My guess: Yes, but they are not concerned. After all, they are the UK government and they have the best cyber security experts available, so the chances that the database could be hacked are too remote to be a concern.)
I mean, just to save them some trouble in case they accidentally target the wrong servers:
Don't the Germans do something similar?
I remember receiving emails from the Federal Office for Information Security (BSI) via Hetzner support for some of my dedis with them.
Edit: I guess it isn't hugely different to something like Shodan.
Scanning the internet means scanning the UK IPs and networks, or the entire internet?
IIRC, HD Moore did something similar many years ago, but it was the entire Internet I believe - for research purposes of course
NSA and GCHQ still exist, they at least here do it publicly so I guess yes.
Yup, one of the things that they look at is telnet banners on port 23. I received a notice once for running a honeypot.
... and how did they find you to send that notice?
It automatically gets dispatched to the owner of the IP address, the ISP/provider then forwards it on to the relevant client.
They've been doing this for years. We (a datacentre) get a .csv every morning with a list of IP addresses on it that are running a service that is vulnerable to a known exploit.
Reasonable ISPs have been doing this for a decade or more since DNS and SNMP amplification attacks years ago.
To get a notice from UK Gov saying port 161 or something is open and a potential attack vector and the like is good for everyone. Full. Stop.
Chinese government is doing it. It's just common sense to do it yourself but actually try and prevent attacks.