On Thu, 7 Dec 2017 22:59:46 -0500 Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
> > On Dec 7, 2017, at 9:14 PM, li...@lazygranch.com wrote:
> >
> > http://researchscan288.eecs.umich.edu/
> > I never could find the research IP space and my email went
> > unanswered. I just blocked the whole university. Link has the IP
> > space as listed below:
> > 141.212.121.0/24
> > 141.212.122.0/24
>
> Seems rather an overreaction. So a few bots scan your system now and
> then, for socially beneficial research purposes[1]. Does it really
> make sense to block an entire university to try to avoid this?
>

I'm in agreement with you regarding blocking an entire university, but I couldn't get a reply regarding the research IP space, nor could I find the IP space online until today. Email, being the means of resetting passwords, gets extra scrutiny by me. Now that I have the research IP space, I have removed the full block.

Interesting commentary:
https://www.hackerfactor.com/blog/index.php?url=archives/775-Scans-and-Attacks.html

The problem is the researchers look like hackers. For web "research", they may provide an address to contact them in the browser meta data. Maybe they are researchers, and maybe not. I allow a fair number of bots to poke the server, even if they appear dubious. One claims to research uptime, but if you ping me once a day, I don't think that is much of a study.

I have a gut feeling many of these research bots are really zombies. The student has graduated and the account never canceled. I'm sure you've heard the story (perhaps legend) of the university sysadmin mapping the network and finding some server tucked away in a closet that they had no idea was there.