Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Looking for Packets for IP address 71.6.165.200 SANS ISC InfoSec Forums

Special Webcast: What you need to know about the crypt32.dll vulnerability. Register Now

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Looking for Packets for IP address 71.6.165.200
hi, i also got today after i check on my access_log:
71.6.165.200 - - [05/Jun/2016:14:02:16 -0400] "" 400 0 "-" "-"
71.6.165.200 - - [05/Jun/2016:14:02:17 -0400] "" 400 0 "-" "-"
71.6.165.200 - - [05/Jun/2016:14:02:17 -0400] "" 400 0 "-" "-"
71.6.165.200 - - [05/Jun/2016:14:02:17 -0400] "" 400 0 "-" "-"
71.6.165.200 - - [05/Jun/2016:14:02:18 -0400] "GET /robots.txt HTTP/1.1" 200 5771 "-" "-"
71.6.165.200 - - [05/Jun/2016:14:02:18 -0400] "GET /sitemap.xml HTTP/1.1" 200 54227 "-" "-"
71.6.165.200 - - [05/Jun/2016:14:02:21 -0400] "quit" 400 166 "-" "-"
71.6.165.200 - - [05/Jun/2016:14:02:22 -0400] "" 400 0 "-" "-"

i have check this IP, its based on shodan, where shodan is?
IP: 71.6.165.200
Decimal: 1191617992
Hostname: census12.shodan.io
ASN: 10439
ISP: CariNet
Organization: CariNet
Services: None detected

how i protect my site: https://www.whydocs.net/ form this IP
Anonymous
I also can confirm the bs of this Shodan reply. I have built Unix servers since 1997. These people claim they are just randomly scanning. No. Every single time I bring a server online and open up services, they get hit. SSL email attempts, FTP attemps the list is endless. Sometimes from Universities like in MN. Lately it's been from Carinet. I have blocked over 15 subnets and found a new one in a log this morning. If you dig around, you can find more interesting information on Carinet itself. Just my 2 cents - and I did not check the date of this comment - so who knows - could be years late :)
Anonymous

Sign Up for Free or Log In to start participating in the conversation!