by pgraf 727 days ago
Just be aware that with your strategy “blocking 50% of unwanted traffic” means blocking non-attack traffic, as these Internet security companies are mostly legitimate. The automated attack traffic that you actually want to block is in the other half and will frequently change IPs.

> these Internet security companies are mostly legitimate

This is both subjective and highly dependent upon the scope of services being run. My setup would probably progressively create more hassle than it saves on a scale from small business to large business. For the setup I have, I quite specifically want to block their traffic.

I'm possibly overly militant about this, but they keep databases of the results of their scans, and their business is selling this information to ... whoever's buying. I don't want my IP addresses, open ports, services or any other details they're able to gather to be in these databases over which I have no control and didn't authorise.

To steal an oft-used analogy, they're taking snapshots of all the houses on all the streets and identifying the doors, windows, gates, and having a peek inside, and recording all the results in a database.

I believe all of them are illegitimate. They 'do' because they can, and it's profitable. "Making the internet safer" is not their raison d'être.

Happy for anyone else to form their own opinion, but this is my current stance.

Yes - Anyone whose FAQ answer to "How to avoid being scanned" is "We don't have an opt-out, you must block all these addresses" isn't behaving like a legit business.

"Nice network you've got there."

"We noticed something might be open. We're not telling you what it is."

"It would be a pity if something happened to your business."

"Give us lots of money."

Sounds like a movie strong-arm thug.

Would be cool to have a "don't scan me bro" list of IPs that engage in this that we could share - is there such a thing?

The problem is that becomes a concentrator of IPs behind which privacy-conscious individuals exist, which probably has higher value to "whoever's buying". It's a conundrum.

It sounds like what GP is suggesting is to collect IPs of all the scanners, and share the list of IPs among ourselves, so we can collectively route their traffic to /dev/null.

aaaaah, that makes sense. See the links in my original post.

Why not also sell the scans of scanners to the scanners' customers and make a little pocket change?

There's a comment downthread discussing something similar; I haven't tried it though: https://news.ycombinator.com/item?id=40695179

You're being sarcastic, right? We did this for telephone numbers and saw how it turned out...

> these Internet security companies are mostly legitimate

Act like a bot, get treated like a bot.

> Just be aware that with your strategy “blocking 50% of unwanted traffic” means blocking non-attack traffic

You don't block them forever, just enough for them to move on to someone else.

They don't move on to someone else; they scan the entire internet on a regular basis, just like Google crawls web pages.

My experience is that after blocking Censys, unwanted traffic on non-standard ports from other IP blocks has basically gone to zero. It appears to me that some bad actors are using Censys scans for targeting.

I get similar results.

> (...) as these Internet security companies are mostly legitimate.

Note that you're basing your assertion on the motivation of random third parties exclusively on the fact that they exist and they are behind active searches for vulnerabilities.

Lol legitimate. As legitimate as door-to-door salesmen. OP just put up a proverbial "no soliciting" sign.