I have a Firewall+IPS+IDS+++++ so I do check it often at times, I even report to ISP’s and other places of their hacked or …… systems
Today I noticed 141.212.121.0/25 attempting to scan-connect via 443 port(SSL)
From 6 deferent hosts via random times/dates
So I contacted http://www.umich.edu, and spoke with one of them dude’s on a phone “ chef of a security ”
Here is what I got in respond:
Below is an explanation from the researchers involved in the project that is generating the network activity that you are detecting. The machines being used for this research are within 141.212.121.0/25.
HIDDEN NAME
Data Security Analyst
Information & Infrastructure Assurance, University of Michigan
These machines are part of an Internet-wide network survey being conducted by computer scientists at the University of Michigan. The survey involves making TCP connection attempts to large subsets of the public IP address space and analyzing the responses. We select addresses to contact in a random order, and each address receives only a very small number of connection attempts. We do not attempt to guess passwords or access data that is not publicly visible at the address. The goal of this research is to better understand the global use of Internet protocols, including HTTPS and SSH.
So too make this story short,….. they’ll be doing this for few more months and if you like to be opted-out you have to let them know(I don’t know what them students are upto now a days…….) but i can tell you this they haven't luanched any payloads_BoF or such but just kind been holding connection open
I wish sonic.net added a security topic/forum sections…..
I would input few things on to it for sure ( i even have an amazon ebay .... shell systems that are still active -somebody either attmped to scan me or launch payload(s) @ me with those shells, some companies are good/better then others to deal with it)
Today I noticed 141.212.121.0/25 attempting to scan-connect via 443 port(SSL)
From 6 deferent hosts via random times/dates
So I contacted http://www.umich.edu, and spoke with one of them dude’s on a phone “ chef of a security ”
Here is what I got in respond:
Below is an explanation from the researchers involved in the project that is generating the network activity that you are detecting. The machines being used for this research are within 141.212.121.0/25.
HIDDEN NAME
Data Security Analyst
Information & Infrastructure Assurance, University of Michigan
These machines are part of an Internet-wide network survey being conducted by computer scientists at the University of Michigan. The survey involves making TCP connection attempts to large subsets of the public IP address space and analyzing the responses. We select addresses to contact in a random order, and each address receives only a very small number of connection attempts. We do not attempt to guess passwords or access data that is not publicly visible at the address. The goal of this research is to better understand the global use of Internet protocols, including HTTPS and SSH.
So too make this story short,….. they’ll be doing this for few more months and if you like to be opted-out you have to let them know(I don’t know what them students are upto now a days…….) but i can tell you this they haven't luanched any payloads_BoF or such but just kind been holding connection open
I wish sonic.net added a security topic/forum sections…..
I would input few things on to it for sure ( i even have an amazon ebay .... shell systems that are still active -somebody either attmped to scan me or launch payload(s) @ me with those shells, some companies are good/better then others to deal with it)
