What is up with recyber , criminalip ?

I often see these services making port scan requests

https://recyber.net/
https://security.criminalip.com/

Both says they are scanning your server / ips for research purpose ..

What is their research, finding open ports / ssh ports and then use brute force attack on them ?

Comments

  • @Saahib said:

    What is their research, finding open ports / ssh ports and then use brute force attack on them ?

    Have you seen any brute force attacks from them?
    If yes, then the answer is yes.
    If no, then probably not.

    Portscans are a normal part of the noise on the internet, there are many organizations/companies that collects vast amount of information and statistics that way. I do not see portscans as attacks as long as they do a simple scan, however, any failed login attempt will get them blocked.

  • Some port scanner is crashing our software: https://redmine.named-data.net/issues/5158
    Specifically, the scanner makes a TCP connection then immediately transmits RST packet, which triggers software bug.

    Does this count as attack or normal Internet noise?

  • @yoursunny said:
    Some port scanner is crashing our software: https://redmine.named-data.net/issues/5158
    Specifically, the scanner makes a TCP connection then immediately transmits RST packet, which triggers software bug.

    Does this count as attack or normal Internet noise?

    I would count it as a bug in your software, nothing more and nothing less.

    Thanked by (1)yoursunny
  • @rcy026 said:

    @Saahib said:

    What is their research, finding open ports / ssh ports and then use brute force attack on them ?

    Have you seen any brute force attacks from them?
    If yes, then the answer is yes.
    If no, then probably not.

    Portscans are a normal part of the noise on the internet, there are many organizations/companies that collects vast amount of information and statistics that way. I do not see portscans as attacks as long as they do a simple scan, however, any failed login attempt will get them blocked.

    I do receive thousands of brute force attacks daily once they figure out ports (specially ssh) . What if they are finding ports for others ?

    Yet pretending to be legit, what is purpose of this noise (port scan research ) ?

  • @Saahib said:

    @rcy026 said:

    @Saahib said:

    What is their research, finding open ports / ssh ports and then use brute force attack on them ?

    Have you seen any brute force attacks from them?
    If yes, then the answer is yes.
    If no, then probably not.

    Portscans are a normal part of the noise on the internet, there are many organizations/companies that collects vast amount of information and statistics that way. I do not see portscans as attacks as long as they do a simple scan, however, any failed login attempt will get them blocked.

    I do receive thousands of brute force attacks daily once they figure out ports (specially ssh) . What if they are finding ports for others ?

    Yet pretending to be legit, what is purpose of this noise (port scan research ) ?

    If it's a problem for you just block them or simply ask to be added to their whitelist, they both have clear instructions on their website. That alone should give you a hint that they are legit.

Sign In or Register to comment.