Research Scanning Notes


It's no secret that the Internet is constantly scanned for vulnerabilities, misconfigurations and open ports. For many years I've been running a number of sensors that capture exploit attempts, which I share with the security community, and I thought it would be interesting to investigate what services the scanning hosts are exposing.

I expected to find them heavily firewalled, with the exception of a web page providing scanner ranges and opt-out details, but found many with SSH, databases, node management and host statistics available. While the hosts could be gathering intel on what systems connect to them, they look to be misconfigured.

If you'd like to block access to your networks from some scanners, one list is at: https://isc.sans.edu/api/threatcategory/research?csv

Info-Sec.CA