Turns out that more people are getting into the scanning act. From the
last 20 hours or so (only new addresses):
* There are a bunch of IP addresses in a block assigned to Kudelski
Security in Switzerland. These are just doing READVAR commands --
presumably to get the version and also to discover if "restrict noquery"
is set. (example address: 185.35.62.106). Curiously enough, if you
respond to the readvar command, they send back an ICMP unreachable.
* Rapid7 has joined the scanning party (many addresses including
71.6.216.62). They also have the strange ICMP unreachable behavior, and
they are also just doing READVAR commands.
* 93.180.5.26: Moscow -- regular MON_GETLIST scanning
* 37.187.16.147: Hosted box at OVH -- regular MON_GETLIST scanning
Philip
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
