On 3/3/21 5:05 PM, Carlos E.R. wrote:
> On 03/03/2021 23.52, Lew Wolfgang wrote:
>> On 3/3/21 2:00 PM, Carlos E. R. wrote:
>>> cer@Isengard:~> host 80.82.65.74
>>> 74.65.82.80.in-addr.arpa domain name pointer scanner.openportstats.com.
>>> cer@Isengard:~>
>>>
>>> That one might be me requesting a scanner on myself. Possibly there might be a reference to this in some mail list at those days, but I have not looked :-)
>>
>> Try going to openportstats.com and enter your router's wan IP address, then let us know what you see.
>
> "No results"
>
> They don't do an actual scan when I ask, but look on their database - that is useless, the IP is dynamic, so they could have scanned me or any other Telefónica client.

How often does your IP change? I've seen mine not change for years.
They couldn't find anything on my home router, but they have lots of info on the open ports of my server.

>> BTW, they don't need permission to scan you.
>
> Well... I'm not sure about that. Maybe not in the country they are based, but they are trespassing on other countries and jurisdictions.

The commercial scan services collect only publicly available data, like which ports are open, and banners from open ports. You or me scanning would probably violate our use agreements with our ISPs, but that wouldn't be a problem for a business who's their own ISP. Even if a jurisdiction had a specific law regarding scanning, I doubt if it could, or would, be enforced. I could fat-finger a URL and accidentally scan someone. Would an arrest warrant for my IP address be issued? Shodan.io never asked me for permission.

And of course botnets also scan for open ports, and not just the obvious ones. I just checked on my underused server with a direct and static connection, and over a 75-minute period I had 869 ports scanned, 637 of them were unique ephemeral high-numbered ports. Botnets don't care about laws, and if your IP is static for very long, your hidden ssh port could be exposed.

Regards,
Lew