All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Seeking provider that is understanding towards service fingerprinting and scanning of the internet.
Generally speaking in my experience providers are not so understanding of my running masscan on 0.0.0.0/0 and banner fingerprinting varying services. What ends up happening is me having to splitting the activity over multiple VPS's this is fine, but it got me wondering what are some providers that the people of LET would recommend for such activity to someone who does not want to split the scanning activity?
The issue at hand is overly aggressive, automated, abuse sending IDS systems even when you do not authenticate to their service, let's say SSH for example, some IDS systems will send abuse complaints because you are initiating a connection to a service in which the sys admins mind you should not be accessing in any way.
This is not a request for some shady host that will allow anything, so called "bulletproof" hosters, they are not the type of people I want to support by sending money to. All I am looking for is a host that has a understanding that in fact mapping the internet does not warrant taking down ones server.
Well except in germany maybe where internet scanning is illegal :-)
Comments
Internet scanning in the way you are talking about is illegal in multiple countries.
Actually, most countries. Including the USA, Canada, UK, Russia even ---
Not to mention you're creating a HUGE footprint for yourself under a host's IP.
That host has to deal with the burden of having an IP that is now burned permanently in AbuseIPDB, Spamhaus, etc. If you've taken multiple IPs or VMs from them, this can end up with their entire subnet or ASN in Spamhaus.
If that host rents their IPs, they now have the IP holders coming to them - this can ruin their entire business.
So no - you're not going to find anyone who will allow this - no matter what they claim - unless they are such "bulletproof" or bad hosts that are already on the shitlist of every blocklist there is.
I think you are mistaken, it is not illegal in most countries. it would be the equivalent of being illegal to access an unauthenticated open directory and downloading a customer list, the illegality is not in accessing that customer list but in fact in what you do from that point on with that list, well this is for the USA at least please see weev's court case with AT&T as long as one does not authenticate to a system they are not allowed to be in it is generally legally allowed to access information provided on that system, like the ssh login banner as per the example in the initial post.
There is also this article from shadowserver which is a private sector organization that cooperates closely with law enforcement to help actions against bad actors.
this news article from eff is more relevant than the cnet article i posted in the previous message, I just took the first search result when writing the message and it did in fact not go into the details of the case that I was referring to.
In 2010, Auernheimer's co-defendant, Daniel Spitler, discovered that AT&T had configured its servers to make the email addresses of iPad owners publicly available on the Internet. Spitler wrote a script and collected roughly 114,000 email addresses as a result of the security flaw. Auernheimer then distributed the list of email addresses to media organizations as proof of the vulnerability, ultimately forcing AT&T to acknowledge and fix the security problem.the court suggested that there may have been no CFAA violation, since no code-based restrictions to access had been circumvented.I can't wait to see the public offers and recommended providers for port scanning activities.
Rent your own IPs. Use Mullvad. Nobody* will willingly let you get their abuse@ mailbox spammed.
*Maybe @HostSlick or @Verasel ?I don't think lowendtalk is an appropriate place for your request. Maybe try dark web
WTF is this??? ROTFL
Totally missed this one.
As for it being illegal, yes it is, you are committing a crime known as "Unauthorized Access to Computer Systems" in the USA which DOES include the crime of "Attempting to gain access to a computer system, secured or unsecured, for which the accused does not have the express permission of the systems owner or maintainer to access." - notice secured or unsecured. The same mentality applies to my home. If my front door is unlocked that doesn't give you the right to go inside.
Just because there are some organizations like shadowserver and CenSys that do this, does not make it legal. It means they are "accepted" in doing it by governments that rely on them snitching on people and for companies that use it for cyber security analytics.
In the EU - there is an entire section on this in law also, that clearly makes it a crime to "attempt to harvest data without the consent of the party from which the data is harvested". This includes things like for example scraping APIs, scanning the entire internet to maintain a database of services that aren't publicly listed, etc.
Do we have any lawyers in here? I would love to have input from some of them on this - as it's been a while since I last did a deep-dive on this kind of stuff. I know it may be a "grey area" to some, as they don't normally prosecute for it, but if done in bulk without making prior agreements with government for non-prosecution and without the permission of the networks you're scanning, could this not be prosecuted if it got out of hand?
Finally - regardless of the legalities - not many hosts want their IPs on every blacklist from here to the moon... so that would be a larger issue than the legalities.
Real-world gotchas:
Not legal advice, just chatgpt o3
Why?
I am not a lawyer but it is my understanding that regarding USA, case law takes precedence. And do you think shadow server and censys has the green light from all netblocks they scan? no but what they do do is be a good internet neighbor and if someone requests not to be scanned they stop scanning, blacklists for exactly this exist.
I also think you are wrong regarding the scraping of APIs but this seems to be undecided and we can only agree to disagree the question is currently being brought up in supreme court on request of Ohio so hopefully we can get a black and white answer instead of a gray area in the future.
To build statistics and observe change. What kinda systems are out there in the ether? I like this question :-) some people enjoy planting flowers and watching them grow me myself I enjoy watching the internet grow :-)
Again, ultra paranoia. You need tent and 6 months tour in death canyon without any electronics. Nature cures.
Do you scan all IPv6 too?
This is simply wrong. If you're trying to reference the GDPR, that is not how it's interpreted in this context.
This is in no way legal advice, but, from my personal experience, scraping of publicly available information is legal. Where it gets tricky is when PII is involved, or when you're starting to bypass security measures (i.e. captcha, logins).
When it comes to PII, it's almost never allowed. Because GDPR, no consent, yadda yadda yadda. Bypassing security measures (in the context of scraping) is more of a civil problem, not a criminal one.
Not currently, its so vast but its an interesting proposal that I have thought about more then once on how to execute in an efficient manner.
no its not
Do you think it's worth the effort to maintain such data and keep it up to date? Given that scale (IPv4 for now), SSH fingerprints and ports are constantly changing.
I also pinged every possible public ipv4 and got no e-mail whatsoever. AbuseIPDB says 80% score of abuse
Not solely GDPR. For example there is the Database Directive, in the EU which DOES strictly forbid scraping up databases in an attempt to recreate the entire database. There was an airline trial about this and they ruled that it was indeed illegal to attempt to harvest data from a PUBLIC API.
There is also the Digital Single Market Directive. This one is especially important if you're scraping data from inside of the EU and using it / storing it outside of the EU.
The problem with scanning IP space is the same. If you are scanning and catching the "banners" as he claims, a lot of them will contain a company name, address, email address, or other info that will be PII and be subject to both the Digital Single Market Directive and GDPR.
Not legal advice - just stating my understanding of it - which I had researched in the past due to projects of my own that I thought to start and could possibly cross those lines hints were never done.
EDIT: Just checked something. Apparently EU law DOES consider an IP address to be PII. So even just keeping the database he wants to create would be a violation of GDPR if nobody is told he's doing it before hand and isn't given the opportunity to opt-out BEFORE the collection begins. Or am I missing something here?
AbuseIPDB sucks
That is good to know! Why it is so bad?
Honestly I don't understand why AbuseIPDB still exists if there is way better alternatives as CrowdSec exist (still not ideal but at least their monetisation model makes sense and they DO care about possible false-positive reports)
Yes, It is my opinion that it is very much worth it :-)
On dedicated servers we can, VPS not.
And at best customer brings his own ASN and IPs.
1) incorrect - you can go to abuseipdb.com and check any IP you want, including full /24 subnets, /64 for v6,etc. without even having an account
2) the limit is 5000/day for API and unlimited for manual through website --- pretty generous and there is no paying to get more --- you just wait until midnight
3) the reports are moderated in the fact that there is a "flag" option for false reports which are sent to a mod to verify with the person who reported it. there is also a weight system to report - so not everyone's reports count the same. if you signed up yesterday and only reported 3 IPs, your report will count less than someone that signed up a year ago and report 3 million IPs (verified reports).
4) there's actually a takedown button - if you cleaned up the abuse you can usually use that. it will remove it instantly if it's a one-time thing with no history...
AbuseIPDB is the most fair and accurate in their ratings. Most people who use it to block only block above 80% risk score, some even 100% risk score. So it isn't being used to block you from a single report. If you're getting blocked based on reports, you've pissed off a lot of admins or IDS...
Okay I now see that you have never actually tried to use AbuseIPDB and have no idea what you are talking about
Nope.. not at all...
https://www.abuseipdb.com/user/218269
Exactly as I said.
lol what a load of shit. of course you wanna "watch the internet grow" from somebody else's basement or apartment