Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Looking for Packets for IP address 71.6.165.200 SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Looking for Packets for IP address 71.6.165.200
hi, i also got today after i check on my access_log:
71.6.165.200 - - [05/Jun/2016:14:02:16 -0400] "" 400 0 "-" "-"
71.6.165.200 - - [05/Jun/2016:14:02:17 -0400] "" 400 0 "-" "-"
71.6.165.200 - - [05/Jun/2016:14:02:17 -0400] "" 400 0 "-" "-"
71.6.165.200 - - [05/Jun/2016:14:02:17 -0400] "" 400 0 "-" "-"
71.6.165.200 - - [05/Jun/2016:14:02:18 -0400] "GET /robots.txt HTTP/1.1" 200 5771 "-" "-"
71.6.165.200 - - [05/Jun/2016:14:02:18 -0400] "GET /sitemap.xml HTTP/1.1" 200 54227 "-" "-"
71.6.165.200 - - [05/Jun/2016:14:02:21 -0400] "quit" 400 166 "-" "-"
71.6.165.200 - - [05/Jun/2016:14:02:22 -0400] "" 400 0 "-" "-"

i have check this IP, its based on shodan, where shodan is?
IP: 71.6.165.200
Decimal: 1191617992
Hostname: census12.shodan.io
ASN: 10439
ISP: CariNet
Organization: CariNet
Services: None detected

how i protect my site: https://www.whydocs.net/ form this IP
Anonymous
I also can confirm the bs of this Shodan reply. I have built Unix servers since 1997. These people claim they are just randomly scanning. No. Every single time I bring a server online and open up services, they get hit. SSL email attempts, FTP attemps the list is endless. Sometimes from Universities like in MN. Lately it's been from Carinet. I have blocked over 15 subnets and found a new one in a log this morning. If you dig around, you can find more interesting information on Carinet itself. Just my 2 cents - and I did not check the date of this comment - so who knows - could be years late :)
Anonymous

Sign Up for Free or Log In to start participating in the conversation!