[IPv6crawler-wg] Response to port scanning security alert
Olivier MJ Crepin-Leblond
ocl at gih.com
Mon Aug 2 15:54:48 BST 2010
Eric,
just a quick follow-up:
On 01/08/2010 23:10, Olivier MJ Crepin-Leblond wrote :
>
>
>> Two suggestions ..
>>
>> 1. We suggest that you put text at the index page of the web
>> server(s) http://212.124.204.162/ and http://turtle.ipv6matrix.org/
>> explaining about your project. - perhaps some of your text in this
>> email might help. It is usual for search engine robots to leave a
>> trail in the scanned server log file giving the url of the robot and
>> if the server owner accesses that url it says something like "We are a
>> robot collecting ..." This is reassuring to the scanned server owner.
>>
> Very good idea indeed. I was initially thinking of shutting the Web
> server down, but now that you mention this, I'll put something together
> this week, with a link to the www.ipv6matrix.org results.
>
Done.
>> 2. Somehow our firewall detects that your IP address is called
>> turtle.ipv6matrix.org We wonder if the wording might be changed.
>> networkscan.ipv6matrix.org would be more meaningful. We get many
>> scanning attacks from all over the web and often the apparent source
>> IP address has many PCs hidden in a LAN behind it.
>>
> We've got a CNAME as crawler.ipv6matrix.org, but I think you're right,
> this would probably be helpful to anyone enquiring, to swap the name &
> cname round. Yesterday, I added a DNS TXT field to turtle.ipv6matrix.org
> which points to the Web server. I'll ask my Team what they think of the
> idea of swapping the names around and act accordingly.
>
Done.
Warm regards,
Olivier
--
Olivier MJ Crépin-Leblond, PhD
http://www.gih.com/ocl.html
More information about the IPv6crawler-wg
mailing list