What is up with recyber , criminalip ?

I often see these services making port scan requests

https://recyber.net/
https://security.criminalip.com/

Both says they are scanning your server / ips for research purpose ..

What is their research, finding open ports / ssh ports and then use brute force attack on them ?

Comments

  • @Saahib said:

    What is their research, finding open ports / ssh ports and then use brute force attack on them ?

    Have you seen any brute force attacks from them?
    If yes, then the answer is yes.
    If no, then probably not.

    Portscans are a normal part of the noise on the internet, there are many organizations/companies that collects vast amount of information and statistics that way. I do not see portscans as attacks as long as they do a simple scan, however, any failed login attempt will get them blocked.

  • Some port scanner is crashing our software: https://redmine.named-data.net/issues/5158
    Specifically, the scanner makes a TCP connection then immediately transmits RST packet, which triggers software bug.

    Does this count as attack or normal Internet noise?

    The end is nigh for Ubuntu 16.04. Providers still offering Ubuntu 16.04 past EOL will be ashamed.

  • @yoursunny said:
    Some port scanner is crashing our software: https://redmine.named-data.net/issues/5158
    Specifically, the scanner makes a TCP connection then immediately transmits RST packet, which triggers software bug.

    Does this count as attack or normal Internet noise?

    I would count it as a bug in your software, nothing more and nothing less.

    Thanked by (1)yoursunny
  • @rcy026 said:

    @Saahib said:

    What is their research, finding open ports / ssh ports and then use brute force attack on them ?

    Have you seen any brute force attacks from them?
    If yes, then the answer is yes.
    If no, then probably not.

    Portscans are a normal part of the noise on the internet, there are many organizations/companies that collects vast amount of information and statistics that way. I do not see portscans as attacks as long as they do a simple scan, however, any failed login attempt will get them blocked.

    I do receive thousands of brute force attacks daily once they figure out ports (specially ssh) . What if they are finding ports for others ?

    Yet pretending to be legit, what is purpose of this noise (port scan research ) ?

  • @Saahib said:

    @rcy026 said:

    @Saahib said:

    What is their research, finding open ports / ssh ports and then use brute force attack on them ?

    Have you seen any brute force attacks from them?
    If yes, then the answer is yes.
    If no, then probably not.

    Portscans are a normal part of the noise on the internet, there are many organizations/companies that collects vast amount of information and statistics that way. I do not see portscans as attacks as long as they do a simple scan, however, any failed login attempt will get them blocked.

    I do receive thousands of brute force attacks daily once they figure out ports (specially ssh) . What if they are finding ports for others ?

    Yet pretending to be legit, what is purpose of this noise (port scan research ) ?

    If it's a problem for you just block them or simply ask to be added to their whitelist, they both have clear instructions on their website. That alone should give you a hint that they are legit.

Sign In or Register to comment.