
Comments
It doesn't report anything incorrectly except when some idiot decides to spoof just to make a point. Which is dumb af. In the months it was running, not a single false report. I checked it often. All IPs were already listed there with high scores and not a single one was something innocent. Until we got into this discussion here and someone decided to do it to "make a point".
Because a flaw in a system exists, doesn't make the entire system wrong. It means it was made by a human.
Everything in this world can be abused or used properly. Because something can be abused, doesn't make it bad. It makes the person abusing it a bad person.
Oke so it doesn't report anything incorrectly unless it reports something incorrectly, great logic man.
A big flaw because there are a lot of dumbasses like you that report something for just connecting, use something like Crowdsec or fail2ban which actually reports hacking attempts and more than just a knock on the door.
That is not how the world works sadly, if something is easily abused people will abuse it which makes the system wrong. If dumbasses like yourself can report IPs for just knocking on your door like Jehovah's Witnesses do that makes the system broken since not all Jehovah's Witnesses are thieves trying to penetrate your asshole.
1) It works fine if you don't know it exists doesn't it? The second I publicize it here, no longer a secret that there is an IP listening and reporting is it? Then it is now open to abuse - only because it was publicized. Some things work only because they are secret. Once it's known - it can be abused. The logic is correct - if someone is accessing an IP they shouldn't be (that is virgin never used IP and not like other IPs that could be mistyped) they are up to something, whether that be scanning or attempts at hacking.
2) It isn't a big flaw until someone knows it exists - which came out here and was then abused. Before it was posted about here, nobody knew it existed to abuse it.
Read point 1 of my last comment. If you are knocking a door of someone down a back road with no signs leading to it - you're liable to get shot in real-life. Being places you shouldn't be is the issue - not why you're there.
No need to know about specific IPv4 addresses, just send many packets with specific spoofed src IP and dst IP from entire 0.0.0.0/0 and it will hit all systems like yours, hence there will be many abuseipdb reports like yours from systems behaving similarly, and it is exactly what was reported by @384_cz in this thread yesterday.
That is not true at all. You're not allowed to shoot someone for knocking on your door.
You must not understand small town America's take on Castle Doctrine?
If someone comes to your door and you're in a place with a no-trespassing sign down at the road, down some long dark road behind trees, not trying to be public, and someone still comes to that door in the middle of the night when you aren't out --- they get shot first and questions asked later - -- and 9/10 times the police deem it "justified" if you didn't first announce yourself... but yeah.... the analogy still stands. If it isn't advertised, anyone accessing it is scanning entire range and should not be doing so.
So are there signs or are there no signs? I am getting so confused. I know Castle Doctrine, but are there signs or no signs?
Never seen this a day in my life - it might happen when someone specifically targets you to false report you - but it doesn't happen commonly enough to warrant this long discussion about it. The main use of "spoofing" is to spoof a victim's IP to send DNS, NTP, etc requests to get huge responses back in a DDoS. It isn't normally used to get IPs blacklisted.
Depends on the state. In Texas for example, you don't need a no trespassing sign if it's clear that it's private property to a standard observer. That means even those wooden cowboy fences out by the road count, a trail through the trees that is an obvious car path, and then a house in the middle of the woods -- kind of screams private property wouldn't you think?
Every state is different on this - and I'm no lawyer so not gonna try to quote all. I've only lived in 10 of them before leaving the USA.
Yes my apologies mr sir avsisp, you're right and I was wrong all this time. Enjoy prison stalker child.
Not sure why I would go to prison --- weird comment. Are you off your meds or something?
Anyways, for reference my Texas example: https://chatgpt.com/share/68936597-4cc4-800f-b36b-77df17e85f55
I made sure to check that it includes references to relevant laws and break down for you. I know this 100% to be true from experience. A friend in Texas did shoot someone in the middle of the night sneaking around his house. And the cops found him bleeding in the field - they took the guy - not my friend. So it happens commonly.
Are you on meds? And never link ChatGPT to me you absolute idiot.
Yeah - I won't be replying anymore to you here or anywhere. I really hope you get the help you need.
It isn't okay to act the way you do and I'm really sorry for whatever happened that made you like this - but you really should seek some help - my final words here.
You're a funny man but there is nothing wrong with me.
I don't think this is the correct analogy. If you are trying to see what runs on publicly accessible IP address I don't threaten your security and you shouldn't be able to shoot me. If I was trying to hack into your server, or private network, steal personal information then sure it's a different situation.
But sending a ping or http request and listening for who replies isn't criminal activity. You don't have to reply. It would only become an issue if I took a dozen other guys to keep knocking on your door 24/7, that's either a waste of resources by a white hat guy or straight up abuse from a bad guy.
Nobody said I'm going to shoot you lol It was an analogy and points to the problem. People do things on the internet they would never do in real life. In real life you get shot, on the internet you should be blocked, that was the point.
As for you sending pings and http requests, if they are uninvited and that IP isn't advertising anything, yes, it's bad. And you hit the nail on the head with the last part - and that IS the issue. You know how many scans we get daily? 1000s. That IS a problem. Before switching to XDP, I used iptables and a PREROUTING raw DROP rule for this like the script sample that was on github does. And doing so, you can see the total bandwidth each droprule by ipset dropped. In my case, just from scanners that were hitting an unbound IP far up in the range (think over .200 high), over 1GB/day in dropped traffic. That might not seem like a lot at first glance for a server, but that is to a SINGLE IP. That is the issue. Your "harmless scans" do many things to systems admins:
1) You can scan to find services that might be vulnerable and later exploit those vulnerabilities. No system is 100% secure and your scans WILL find something in the IP range that is vulnerable, whether it belongs to the host itself or a client - that is regardless. CVEs are released often and there are believed to be many more "zero-days" that are not yet known.
2) Your scans WILL abuse the host by wasting their system resources. Every tiny fraction of CPU cycle, hard drive cycles, and bandwidth might not by themselves raise costs, but compounded by 1000s of others doing the same thing, it adds up to a measurable amount.
@avsisp https://www.abuseipdb.com/check/31.57.56.1 why is your network doing malicious things?
First of its kind against Tor but the cat is out of the bag, let's say someone is hosting on your network and has some issues with a malicious actor that then sends spoofed packets from this ip will you suspend your customer when abuse complaints come through?
@ScreenReader said:
I do not have my own ASN or IP, also do not own institution / org, but I would be willing to respect people's whitelist request.
Port scanning is not illegal unless used for harming purposes.
We might be talking about different things. How does a spoofed source packet receive useful response (the fingerprint)?
It doesn't. What I meant is that it is a bad idea to ban/report an IP address that could be spoofed.
Depends on the country
Thanks.
Specs (Standard NL - $20/mo.):
4 CPU Core(s)
8GB RAM
50GB NVMe Disk
1 IPv4 Address DDoS Protection
12TB Bandwidth (UNMETERED FAIR USE INBOUND)
1.8 Gbit Upload Network Speed
10 Gbit Download Network Speed
Netherlands, Amsterdam
DMCA IGNORED (Court Order / Lawyer Signed Doc Required for removal)
Port Scanning Allowed
YABS:
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
Yet-Another-Bench-Script
v2025-04-20
https://github.com/masonr/yet-another-bench-script
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
Thu Aug 7 03:40:47 PM CEST 2025
Basic System Information:
Uptime : 0 days, 0 hours, 7 minutes
Processor : AMD Ryzen 9 9950X 16-Core Processor
CPU cores : 4 @ 4291.912 MHz
AES-NI : ✔ Enabled
VM-x/AMD-V : ✔ Enabled
RAM : 7.7 GiB
Swap : 1024.0 MiB
Disk : 49.9 GiB
Distro : Kali GNU/Linux Rolling
Kernel : 6.12.33+kali-amd64
VM Type : KVM
IPv4/IPv6 : ✔ Online / ✔ Online
IPv6 Network Information:
ISP : Gravhosting LLC
ASN : AS215292 Gravhosting LLC
Host : Gravhosting Ltd
Location : Amsterdam, North Holland (NH)
Country : The Netherlands
fio Disk Speed Tests (Mixed R/W 50/50) (Partition /dev/vda3):
iperf3 Network Speed Tests (IPv4):
iperf3 Network Speed Tests (IPv6):
Geekbench 6 Benchmark Test:
Test | Value
|
Single Core | 3411
Multi Core | 9902
Full Test | https://browser.geekbench.com/v6/cpu/13212811
YABS completed in 12 min 29 sec
What use case are you referring to? If someone is sending the same packets over and over and clearly a DOS, or a port probe using minimal packets (fingerprinting)? (Looks at thread topic)
Not a use case, someone could just specifically craft the same packet to accuse someone of doing malicious activity while they don't actually do it.
It's kind of on the side receiving the abuse report to validate and take action.
While I agree with this, I still hold that you must not act upon unreliable evidence (evidence that is easily forged).
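The spoofing concern raised in this thread, as an added example that is not part of any post here: a listener on an unused IP can separate sources that only sent a bare SYN or a UDP datagram (source address forgeable by a third party) from sources that completed a TCP three-way handshake (the peer had to receive the SYN-ACK), and report only the latter. The log format, event names and addresses are constructed assumptions, not output of any tool named in the thread.

```python
from collections import defaultdict

# Constructed sample events from a listener on an unused IP (not real traffic).
# Assumed format: "<epoch> <src_ip> <dst_port> <event>", event being one of
#   SYN   - bare TCP SYN seen; the source address can be forged by anyone
#   ESTAB - handshake completed; the peer acknowledged our SYN-ACK, so it
#           received it, which an off-path spoofer does not
#   UDP   - single UDP datagram; the source address can be forged by anyone
SAMPLE_LOG = """\
1754570000 198.51.100.7 22 SYN
1754570001 198.51.100.7 22 ESTAB
1754570002 203.0.113.9 23 SYN
1754570003 203.0.113.9 80 SYN
1754570004 192.0.2.44 53 UDP
1754570005 198.51.100.7 80 SYN
1754570006 198.51.100.7 80 ESTAB
"""

def classify(log_text):
    """Split sources into verified (handshake completed) and unverified."""
    seen = defaultdict(set)  # src -> {(port, event), ...}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip malformed lines rather than guess at them
        _, src, port, event = parts
        seen[src].add((int(port), event))
    verified, unverified = {}, {}
    for src, events in seen.items():
        proven_ports = sorted({p for p, e in events if e == "ESTAB"})
        if proven_ports:
            verified[src] = proven_ports
        else:
            # Only forgeable packets seen: keep for local stats, do not report.
            unverified[src] = sorted({p for p, _ in events})
    return verified, unverified

def reportable(log_text):
    """Sources whose address is backed by a completed handshake."""
    verified, _ = classify(log_text)
    return verified

if __name__ == "__main__":
    print("report:", reportable(SAMPLE_LOG))
    print("hold back:", classify(SAMPLE_LOG)[1])
```

Sources in the "hold back" set can still be dropped locally; the distinction only governs what is sent to a shared blocklist.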