Network reputation

Discovering dark networks

How security vendors discover IPs and networks with a bad reputation


How to do it?

You need to buy a lot of public subnets, then analyze the connection attempts they receive on critical ports such as 22 (SSH) or 3389 (RDP). If you have a large subnet, you will see a lot of connection attempts from a single IP.
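The counting step described above can be sketched as follows. This is an added example, not code from the original page, and it applies the page's cut-off of more than 100 attempts in 24 hours. The log format, function names and addresses (RFC 5737 documentation ranges) are assumptions, as are ports 23 and 5900 for Telnet and VNC.

```python
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Ports 22 and 3389 are named in the text; 23 and 5900 are the standard
# Telnet and VNC ports (assumed here for the other two monitored services).
SERVICES = {22: "SSH", 23: "Telnet", 3389: "RDP", 5900: "VNC"}

def heavy_scanners(lines, dark_net, end, hours=24, threshold=100):
    """Map service -> [(source, attempts, distinct dark IPs hit)] for sources
    with more than `threshold` attempts in the `hours` before `end`."""
    net = ipaddress.ip_network(dark_net)
    start = end - timedelta(hours=hours)
    attempts = defaultdict(Counter)   # service -> source -> attempts
    targets = defaultdict(set)        # (service, source) -> dark IPs touched
    for line in lines:
        try:
            ts, src, dst, port = line.split()
            when = datetime.fromisoformat(ts)
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            service = SERVICES[int(port)]
        except (ValueError, KeyError):
            continue                  # malformed record or unmonitored port
        if dst_ip in net and start <= when < end:
            attempts[service][str(src_ip)] += 1
            targets[service, str(src_ip)].add(dst_ip)
    return {
        service: [(src, n, len(targets[service, src]))
                  for src, n in counts.most_common() if n > threshold]
        for service, counts in attempts.items()
        if any(n > threshold for n in counts.values())
    }

def constructed_log():
    """Constructed sample records: 'timestamp source destination port'."""
    t0 = datetime(2024, 1, 1)
    def rec(mins, src, dst, port):
        return f"{(t0 + timedelta(minutes=mins)).isoformat()} {src} {dst} {port}"
    log = [rec(i, "198.51.100.7", f"192.0.2.{i + 1}", 3389) for i in range(150)]   # subnet sweep
    log += [rec(i, "203.0.113.9", "192.0.2.10", 22) for i in range(120)]           # one target
    log += [rec(i, "203.0.113.50", f"192.0.2.{i + 1}", 22) for i in range(40)]     # below cut-off
    log += [rec(-3000 + i, "198.51.100.99", "192.0.2.5", 23) for i in range(200)]  # outside window
    log += ["not a log line", rec(5, "203.0.113.9", "198.51.100.1", 22)]           # noise
    return log

if __name__ == "__main__":
    report = heavy_scanners(constructed_log(), "192.0.2.0/24", datetime(2024, 1, 2))
    for service, rows in report.items():
        print(service, rows)
```

The third column separates a source sweeping many addresses of the dark subnet from one hammering a single address, which a raw attempt count alone does not show.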


Sources that scanned us more than 100 times during 24h, by service (RDP, SSH, VNC, Telnet):

