[IPv6crawler-wg] Response to port scanning security alert

Olivier MJ Crepin-Leblond ocl at gih.com
Sun Sep 19 16:54:33 BST 2010 

 Hello Colin,

indeed, the UK zone was crawled last week.
This will be done monthly and results recorded, to identify trends in
the spread of IPv6 over time.
As I mentioned in my previous message:

> The tests will take place on a monthly basis, and you therefore might be
> receiving recurring security alerts in the future, unless you can
> parameter your firewall to ignore alerts from our crawler which runs on
> from 212.124.204.162.
> Alternatively, I would be happy to take your domain name out of the
> crawler's site testing list. If so, please email me the list of domain
> names which you are in charge of and I'll make sure they are removed
> from the testing list.


You can see the results on the Web Site's data archives.
http://www.ipv6matrix.org/

Kind regards,

Olivier

Le 18/09/2010 17:05, Colin Johnston a écrit :
> same scanning happened last week as well
>
> Why ?
>
> Colin
>
> On 2 Aug 2010, at 15:54, Olivier MJ Crepin-Leblond wrote:
>
>> Eric,
>>
>> just a quick follow-up:
>>
>> On 01/08/2010 23:10, Olivier MJ Crepin-Leblond wrote :
>>>
>>>> Two suggestions ..
>>>>
>>>> 1.  We suggest that you put text at the index page of the web
>>>> server(s) http://212.124.204.162/ and http://turtle.ipv6matrix.org/
>>>> explaining about your project. - perhaps some of your text in this
>>>> email might help.  It is usual for search engine robots to leave a
>>>> trail in the scanned server log file giving the url of the robot and
>>>> if the server owner accesses that url it says something like "We are a
>>>> robot collecting ..." This is reassuring to the scanned server owner.
>>>>
>>> Very good idea indeed. I was initially thinking of shutting the Web
>>> server down, but now that you mention this, I'll put something together
>>> this week, with a link to the www.ipv6matrix.org results.
>>>
>> Done.
>>
>>>> 2. Somehow our firewall detects that your IP address is called
>>>> turtle.ipv6matrix.org  We wonder if the wording might be changed.
>>>> networkscan.ipv6matrix.org   would be more meaningful.  We get many
>>>> scanning attacks from all over the web and often the apparent source
>>>> IP address has many PCs hidden in a LAN behind it.
>>>>
>>> We've got a CNAME as crawler.ipv6matrix.org, but I think you're right,
>>> this would probably be helpful to anyone enquiring, to swap the name &
>>> cname round. Yesterday, I added a DNS TXT field to turtle.ipv6matrix.org
>>> which points to the Web server. I'll ask my Team what they think of the
>>> idea of swapping the names around and act accordingly.
>>>
>> Done.
>>
>> Warm regards,
>>
>> Olivier
>>
>> -- 
>> Olivier MJ Crépin-Leblond, PhD
>> http://www.gih.com/ocl.html
>>
>

-- 
Olivier MJ Crépin-Leblond, PhD
http://www.gih.com/ocl.html

More information about the IPv6crawler-wg mailing list