• Getting scanned

    From Sean Dennis@618:618/1 to All on Wednesday, July 20, 2022 09:12:16
    Hello All,

    For some reason, I was constantly getting portscanned by a security company of some kind here in the US. Here's their whois info:

    ===
    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: https://www.arin.net/resources/registry/whois/tou/
    #
    # If you see inaccuracies in the results, please report at
    # https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
    #
    # Copyright 1997-2022, American Registry for Internet Numbers, Ltd.
    #


    NetRange: 162.142.125.0 - 162.142.125.255
    CIDR: 162.142.125.0/24
    NetName: CENSY
    NetHandle: NET-162-142-125-0-1
    Parent: NET162 (NET-162-0-0-0-0)
    NetType: Direct Allocation
    OriginAS:
    Organization: Censys, Inc. (CENSY)
    RegDate: 2020-06-12
    Updated: 2021-12-14
    Ref: https://rdap.arin.net/registry/ip/162.142.125.0



    OrgName: Censys, Inc.
    OrgId: CENSY
    Address: 116 1/2 S Main Street
    City: Ann Arbor
    StateProv: MI
    PostalCode: 48104
    Country: US
    RegDate: 2018-08-06
    Updated: 2019-08-03
    Comment: https://censys.io
    Ref: https://rdap.arin.net/registry/entity/CENSY


    OrgTechHandle: COT12-ARIN
    OrgTechName: Censys Operations Team
    OrgTechPhone: +1-248-629-0125
    OrgTechEmail: ops@censys.io
    OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

    OrgAbuseHandle: CAT20-ARIN
    OrgAbuseName: Censys Abuse Team
    OrgAbusePhone: +1-248-629-0125
    OrgAbuseEmail: scan-abuse@censys.io
    OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

    OrgNOCHandle: COT12-ARIN
    OrgNOCName: Censys Operations Team
    OrgNOCPhone: +1-248-629-0125
    OrgNOCEmail: ops@censys.io
    OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN


    ===

    I've since blocked their allotted /24 IP range but has anyone had any problems with them?

    -- Sean

    ... If at first you don't succeed, try something else.
    --- GoldED/2 3.0.1
    * Origin: Micronet World HQ - bbs.outpostbbs.net:10123 (618:618/1)
  • From Mike Powell@618:250/1 to SEAN DENNIS on Wednesday, July 20, 2022 15:09:00
    I've since blocked their allotted /24 IP range but has anyone had any problems with them?

    I have not noticed it, but thanks for the info. I will keep an eye out.

    With them being a security company, I wonder if that made them a target for someone to turn into a botnet?

    Mike


    * SLMR 2.1a * "Tryin' is the first step towards failure." - Homer
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (618:250/1)
  • From Daniel Path@618:520/10 to Sean Dennis on Wednesday, July 20, 2022 21:13:15
    Hello Sean,

    Answering a msg of <20 Jul 22>, from you to All:

    I do not really care about network scans, I'm using fail2ban, and it does
    its job. :)

    Regards,
    --
    dp

    telnet://bbs.roonsbbs.hu:1212 <<=-

    ... 0:08am up 15 days, 16:46:51, load: 86 processes, 291 threads.
    --- GoldED/2 1.1.4.7+EMX
    * Origin: Roon's BBS - Budapest, HUNGARY +36-1-4454412 (618:520/10)
  • From Sean Dennis@618:618/1 to Daniel Path on Wednesday, July 20, 2022 16:16:17
    Hello Daniel,

    Wednesday July 20 2022 22:13, you wrote to me:

    I do not really care about network scans, I'm using fail2ban, and it
    does its job. :)

    f2b is great but with pfSense, there's no need for f2b in this case. Since I am not running ssh anymore nor am I running on port 23, I really don't get too many problems. If I get really worried, I can set up OS/2's firewall which is actually very powerful.

    -- Sean

    ... Be a team player. It spreads out the blame.
    --- GoldED/2 3.0.1
    * Origin: Micronet World HQ - bbs.outpostbbs.net:10123 (618:618/1)
  • From Sean Dennis@618:618/1 to Mike Powell on Wednesday, July 20, 2022 16:18:11
    Hello Mike,

    Wednesday July 20 2022 16:09, you wrote to me:

    With them being a security company, I wonder if that made them a
    target for someone to turn into a botnet?

    They've been nosy for the past year or so but I mostly ignored it. However, with pfSense, I just block them on the edge of my network and no more issues. :D

    -- Sean

    ... How you look depends on where you go.
    --- GoldED/2 3.0.1
    * Origin: Micronet World HQ - bbs.outpostbbs.net:10123 (618:618/1)
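
The triage described in this thread (notice the scans, look up the source range, drop the whole block at the edge), as an added example that is not part of any post: it cross-checks the whois NetRange against its CIDR field and flags sources that probe several distinct ports. The log format, the addresses outside the Censys range, the three-port threshold and all function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Two fields copied from the ARIN output quoted in the first post.
WHOIS = "NetRange: 162.142.125.0 - 162.142.125.255\nCIDR: 162.142.125.0/24\n"

# Constructed sample in a made-up "<time> <src> -> <dst>:<port>" format (not
# pfSense's own log format); non-Censys addresses are RFC 5737 documentation IPs.
# Port 10123 is the BBS port from the origin line, i.e. an expected service.
SAMPLE_LOG = """\
09:00:01 162.142.125.10 -> 192.0.2.5:21
09:00:02 162.142.125.10 -> 192.0.2.5:23
09:00:03 162.142.125.10 -> 192.0.2.5:80
09:04:10 198.51.100.7 -> 192.0.2.5:10123
09:05:30 162.142.125.77 -> 192.0.2.5:22
09:05:31 162.142.125.77 -> 192.0.2.5:443
09:05:32 162.142.125.77 -> 192.0.2.5:10123
09:07:45 198.51.100.7 -> 192.0.2.5:10123
09:09:00 203.0.113.9 -> 192.0.2.5:23
09:09:01 203.0.113.9 -> 192.0.2.5:25
09:09:02 203.0.113.9 -> 192.0.2.5:110
"""
LINE = re.compile(r"^\S+ (\S+) -> \S+:(\d+)$")

def whois_networks(text):
    """Networks spanned by NetRange, cross-checked against the CIDR field."""
    first, last = re.search(r"NetRange:\s*(\S+)\s*-\s*(\S+)", text).groups()
    nets = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))
    listed = re.split(r"[,\s]+", re.search(r"CIDR:\s*(.+)", text).group(1).strip())
    if nets != sorted(ipaddress.ip_network(c) for c in listed):
        raise ValueError("NetRange and CIDR disagree")
    return nets

def scanners(log, min_ports=3):
    """Sources that probed at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ports[ipaddress.ip_address(m.group(1))].add(int(m.group(2)))
    return {src: p for src, p in ports.items() if len(p) >= min_ports}

def triage(log, whois_text, min_ports=3):
    """Return (blocks to drop at the edge, scanners outside the looked-up range)."""
    nets = whois_networks(whois_text)
    hits = scanners(log, min_ports)
    blocks = sorted({n for n in nets for src in hits if src in n})
    outside = sorted(src for src in hits if not any(src in n for n in nets))
    return blocks, outside
```

In the sample, two different addresses in the same /24 take turns probing, which is why a per-address block would miss the second one while a rule on the whole range covers both; the scanner outside the range still needs its own lookup.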