[IPv6crawler-wg] Response to port scanning security alert
Colin Johnston
colinj at mx5.org.uk
Sat Sep 18 16:05:51 BST 2010
same scanning happened last week as well
Why ?
Colin
On 2 Aug 2010, at 15:54, Olivier MJ Crepin-Leblond wrote:
> Eric,
>
> just a quick follow-up:
>
> On 01/08/2010 23:10, Olivier MJ Crepin-Leblond wrote :
>>
>>
>>> Two suggestions ..
>>>
>>> 1. We suggest that you put text at the index page of the web
>>> server(s) http://212.124.204.162/ and http://turtle.ipv6matrix.org/
>>> explaining about your project. - perhaps some of your text in this
>>> email might help. It is usual for search engine robots to leave a
>>> trail in the scanned server log file giving the url of the robot and
>>> if the server owner accesses that url it says something like "We are a
>>> robot collecting ..." This is reassuring to the scanned server owner.
>>>
>> Very good idea indeed. I was initially thinking of shutting the Web
>> server down, but now that you mention this, I'll put something together
>> this week, with a link to the www.ipv6matrix.org results.
>>
>
> Done.
>
>>> 2. Somehow our firewall detects that your IP address is called
>>> turtle.ipv6matrix.org We wonder if the wording might be changed.
>>> networkscan.ipv6matrix.org would be more meaningful. We get many
>>> scanning attacks from all over the web and often the apparent source
>>> IP address has many PCs hidden in a LAN behind it.
>>>
>> We've got a CNAME as crawler.ipv6matrix.org, but I think you're right,
>> this would probably be helpful to anyone enquiring, to swap the name &
>> cname round. Yesterday, I added a DNS TXT field to turtle.ipv6matrix.org
>> which points to the Web server. I'll ask my Team what they think of the
>> idea of swapping the names around and act accordingly.
>>
>
> Done.
>
> Warm regards,
>
> Olivier
>
> --
> Olivier MJ Crépin-Leblond, PhD
> http://www.gih.com/ocl.html
>
More information about the IPv6crawler-wg
mailing list