On Wed, 2016-06-01 at 15:05 +0200, Renaud Allard wrote:
> Given the name of the host researchscanXXX, may I assume you have used a
> server to test the crypto? So if it has indeed attempted some kind of
> brute force, maybe grsec was right.
Its an Internet pest from the USA's Michigan University.
~~~~~~
In February 2014, they stated
"These connections are part of an Internet-wide network survey being
conducted by computer scientists at the University of Michigan. The
survey involves making TCP connection attempts to large subsets of the
public IP address space and analyzing the responses. We select addresses
to contact in a random order, and each address receives only a very
small number of connection attempts. We do not attempt to guess
passwords or access data that is not publicly visible at the address.
Some of our previous results can be found at
http://conferences.sigcomm.org/imc/2013/papers/imc257-durumericAemb.pdf."
"If these scans are causing problems, we would be happy to exclude your
IP address from future research scans."
~~~~~~
In February 2015 they stated
"We understand if you'd like to drop scan related traffic. If you are
going to do this, the correct subnets to blacklist are 141.212.121.0/24
and 141.212.122.0/24"
~~~~~~
--
Regards,
Paul.
England, EU. England's place is in the European Union.