See inline responses...

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, June 21, 2019 6:13 PM, Ronald F. Guilmette <r...@tristatelogic.com> wrote:

> https://twitter.com/GreyNoiseIO/status/1129017971135995904
> https://twitter.com/JayTHL/status/1128718224965685248

After forwarding these links to a sanitized client on another network, I saw nothing on the "twitter reports" which suggests these subnets are doing anything other than port scanning.

For those who refuse to follow Twitter links (I'm with ya): There is one cropped screen shot of a pcap with some incomplete information for an entirely different subnet and zero useful intel.

Am I missing something, or do you have any actual log files to support your claims of malware slinging from these guys?

....and I do not want "popularity contest" results of the twitter-verse - to protect our networks. Real data is needed. We need to know what we are looking for specifically.

As for the network probing - this is why those activities are blocked and other techniques are implemented to obscure the usefulness of the data they collect.

The way I see it... If people go poking their hands in the honey jars without permission, they may just get something they do not want or expect (I hear non-consensual probing can infect the violator with certain diseases, and that would be a shame).

> Friday Questionnaire:
>
> Is there anybody on this list who keeps firewall logs and who
> DOESN'T have numerous hits recorded therein from one or more
> of the following IP addresses?
> [snip]
>
> NOTE: Dshield has already assigned an 8 rating on their Badness Richter
> Scale to the specific one of the above addresses that's been poking me
> personally in recent days:
>
> https://www.dshield.org/ipinfo.html?ip=89.248.162.168
> https://www.dshield.org/ipdetails.html?ip=89.248.162.168
>
> And the Dshield rating is just based on the probing. The addition of
> malware slinging also puts this whole mess over the top entirely.

What malware?

> Oh! And I'll save you all the time looking it up.... 100% of the IPs
> listed above are on AS202425 "IP Volume, Inc." allegedly of the Seychelles
> Islands, where the employees and management are no doubt enjoying their
> luxurious and expansive new corporate headquarters...

Sounds like a good deal.

> https://bit.ly/2ZBayc4

I do not follow external links generally, as a rule, without compelling need and additional measures taken.

> Regards,
> rfg
>
> P.S. This is the kind of thing that everybody really should expect
> when the U.S. Department of Defense takes it upon itself to start up
> its own little private and unauthorized (cyber)war on Russia, without
> first obtaining the consent of Congress... you know, kinda like that
> ancient yellowed document that nobody in this country reads anymore
> says they should. And apparently, the DoD was understandably not
> anxious to brief even the President about all this...
>
> https://www.businessinsider.com/us-officials-hide-russia-cyber-operation-trump-2019-6
>
> (Not that anybody can really blame them for THAT.)

P.S. - Let's try to keep politics off the list. We get enough of that everywhere else.

Thanks,
Brad