What is up with recyber , criminalip ?
I often see these services making port scan requests
https://recyber.net/
https://security.criminalip.com/
Both says they are scanning your server / ips for research purpose ..
What is their research, finding open ports / ssh ports and then use brute force attack on them ?
Comments
Have you seen any brute force attacks from them?
If yes, then the answer is yes.
If no, then probably not.
Portscans are a normal part of the noise on the internet, there are many organizations/companies that collects vast amount of information and statistics that way. I do not see portscans as attacks as long as they do a simple scan, however, any failed login attempt will get them blocked.
Some port scanner is crashing our software: https://redmine.named-data.net/issues/5158
Specifically, the scanner makes a TCP connection then immediately transmits RST packet, which triggers software bug.
Does this count as attack or normal Internet noise?
I would count it as a bug in your software, nothing more and nothing less.
I do receive thousands of brute force attacks daily once they figure out ports (specially ssh) . What if they are finding ports for others ?
Yet pretending to be legit, what is purpose of this noise (port scan research ) ?
If it's a problem for you just block them or simply ask to be added to their whitelist, they both have clear instructions on their website. That alone should give you a hint that they are legit.