I would suggest using recent information to file such a mail.

To me it looks like they are relying on stale information collected a long time 
ago.

whoever is hosting this stale information ...

you simply could query the live DNS and the RIPE whois server ...

I agree with Andreas ... they do not show professionalism.

----- On 18 Feb 2020 at 9:08, Silvan M. Gebhardt 
gebha...@openfactory.ch wrote:

> So what I suspect happened is this
> 
> 
> On 2/18/20 1:51 AM, Andreas Fink wrote:
>> 2. The single IP address in the report is not in my network (I used to
>> have that IP range in the past but I sold it in 2016. So long long ago. )
> 
> it might still be registered to you via shadowservers.org OR another org
> like this
> 
>> 3. The abuse email they sent the report to is not in the whois of that
>> network.
> it might be because it shows it to belong to you via shadowservers.org
> instead.
>> 4. The DNS name used in the report is not the reverse PTR of that IP.
>> Nor does the forward DNS point to that IP.
>> 5. The DNS name points to a host in my network but that host is
>> definitively not an IoT device which has any kind of default password.
>> It's a solid Linux machine with an up-to-date distribution with 2
>> usernames only on it with very secure passwords and only one specific
>> application running which doesn't talk to outside my network at all.
>> If that machine would have gotten hacked, it would surprise me very
>> much. At least I have found nothing unusual on that IP. No unexpected
>> network activity, CPU load, processes etc.
> 
> 
> it looks to me like there is something going wrong with
> shadowservers.org and any other report like this. seems they just
> forwarded it without fact checking, which, is kinda not their job either
> (would swamp them massively I guess)
> 
> 
> so yeah, guess you'd have to ask which source the report came from?
> 
> 
> 
> _______________________________________________
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

