PSA University of Michigan research IP space

PSA University of Michigan research IP space

lists@lazygranch.com
http://researchscan288.eecs.umich.edu/
I never could find the research IP space and my email went unanswered.
I just blocked the whole university. Link has the IP space as listed
below:
141.212.121.0/24
141.212.122.0/24

Re: PSA University of Michigan research IP space

Viktor Dukhovni


> On Dec 7, 2017, at 9:14 PM, [hidden email] wrote:
>
> http://researchscan288.eecs.umich.edu/
> I never could find the research IP space and my email went unanswered.
> I just blocked the whole university. Link has the IP space as listed
> below:
> 141.212.121.0/24
> 141.212.122.0/24

Seems rather an overreaction. So a few bots scan your system now and then,
for socially beneficial research purposes[1].  Does it really make sense
to block an entire university to try to avoid this?

--
        Viktor.

[1] Full disclosure, I perform DANE/DNSSEC adoption scans of as many
DNSSEC-validated domains as I can find, currently ~5.1 million, making
connections to MX hosts that publish secure TLSA records (~4 thousand
MX hosts, covering ~174 thousand domains).  Domain owners whose TLSA
records don't match reality are notified of any problems. Generally,
postmasters seem pleased to be notified and given the opportunity to
fix the problem in a timely manner. So I have some empathy for the
Michigan team, who are also by the way one of the sources from which
I gather domain names.

If some of you have deployed DANE TLSA records, but feel strongly
that I should exclude your domains from automated scans, please
drop me a note and I'll add your domains to my "ignore" list.

Re: PSA University of Michigan research IP space

lists@lazygranch.com
On Thu, 7 Dec 2017 22:59:46 -0500
Viktor Dukhovni <[hidden email]> wrote:

> > On Dec 7, 2017, at 9:14 PM, [hidden email] wrote:
> >
> > http://researchscan288.eecs.umich.edu/
> > I never could find the research IP space and my email went
> > unanswered. I just blocked the whole university. Link has the IP
> > space as listed below:
> > 141.212.121.0/24
> > 141.212.122.0/24  
>
> Seems rather an overreaction. So a few bots scan your system now and
> then, for socially beneficial research purposes[1].  Does it really
> make sense to block an entire university to try to avoid this?
>

I'm in agreement with you regarding blocking an entire university, but
I couldn't get a reply regarding the research IP space, nor could I
find the IP space online until today.

Email, being the means of resetting passwords, gets extra scrutiny by
me. Now that I have the research IP space, I have removed the full
block.

Interesting commentary:
https://www.hackerfactor.com/blog/index.php?url=archives/775-Scans-and-Attacks.html

The problem is the researchers look like hackers. For web "research",
they may provide an address to contact them in the browser metadata.
Maybe they are researchers, and maybe not.

I allow a fair number of bots to poke the server, even if they appear
dubious. One claims to research uptime, but if you ping me once a day,
I don't think that is much of a study. I have a gut feeling many of
these research bots are really zombies. The student has graduated and
the account was never canceled. I'm sure you've heard the story (perhaps
legend) of the university sysadmin mapping the network and finding some
server tucked away in a closet that they had no idea was there.

Re: PSA University of Michigan research IP space

allenc
In reply to this post by Viktor Dukhovni


On 08/12/17 03:59, Viktor Dukhovni wrote:

>
>
>> On Dec 7, 2017, at 9:14 PM, [hidden email] wrote:
>>
>> http://researchscan288.eecs.umich.edu/
>> I never could find the research IP space and my email went unanswered.
>> I just blocked the whole university. Link has the IP space as listed
>> below:
>> 141.212.121.0/24
>> 141.212.122.0/24
>
> Seems rather an overreaction. So a few bots scan your system now and then,
> for socially beneficial research purposes[1].  Does it really make sense
> to block an entire university to try to avoid this?
>

The netblocks (above) are not the whole university, but only the range
used by the research scans.

The website (also above) explains what the research is all about, and
should you wish to opt out of the research, invites you to drop the
aforementioned netblocks in your firewall.

To me, this seems a very reasonable and equitable arrangement.

Allen C

Re: PSA University of Michigan research IP space

Richard-2
In reply to this post by lists@lazygranch.com


> Date: Friday, December 08, 2017 10:07:58 +0000
> From: Allen Coates <[hidden email]>
>
> On 08/12/17 03:59, Viktor Dukhovni wrote:
>>
>>
>>> On Dec 7, 2017, at 9:14 PM, [hidden email] wrote:
>>>
>>> http://researchscan288.eecs.umich.edu/
>>> I never could find the research IP space and my email went
>>> unanswered. I just blocked the whole university. Link has the IP
>>> space as listed below:
>>> 141.212.121.0/24
>>> 141.212.122.0/24
>>
>> Seems rather an overreaction. So a few bots scan your system now
>> and then, for socially beneficial research purposes[1].  Does it
>> really make sense to block an entire university to try to avoid
>> this?
>>
>
> The netblocks (above) are not the whole university, but only the
> range used by the research scans.
>
> The website (also above) explains what the research is all about,
> and should you wish to opt out of the research, invites you to drop
> the aforementioned netblocks in your firewall.
>
> To me, this seems a very reasonable and equitable arrangement.
>
> Allen C

Correct, hardly the "whole university" (or even the "research IP
space"). It's about 500 IP numbers used by a sub-section of the
college of engineering. For a better sense of the university's
allocations, see the "related networks" link at:

  <https://whois.arin.net/rest/org/UNIVER-118>
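
The narrow opt-out discussed in the thread (dropping only the two quoted /24s, about 500 addresses, rather than a whole organisation), as an added example that is not part of any post above. It assumes Postfix-style `connect from` log lines and a Postfix CIDR access table as the output format; the log lines, host names and the addresses outside the two quoted netblocks are constructed.

```python
import ipaddress
import re
from collections import Counter

# The two netblocks quoted in the thread as the research scan range.
SCAN_NETS = [ipaddress.ip_network(n)
             for n in ("141.212.121.0/24", "141.212.122.0/24")]

# Constructed sample log (Postfix smtpd format is an assumption).
SAMPLE_LOG = """\
Dec  7 21:02:11 mx1 postfix/smtpd[2211]: connect from unknown[141.212.122.33]
Dec  7 21:02:15 mx1 postfix/smtpd[2214]: connect from mail.example.org[192.0.2.25]
Dec  7 21:03:40 mx1 postfix/smtpd[2219]: connect from unknown[141.212.121.7]
Dec  7 21:05:02 mx1 postfix/smtpd[2230]: connect from unknown[141.212.123.9]
Dec  7 21:06:18 mx1 postfix/smtpd[2231]: connect from unknown[141.212.122.33]
Dec  7 21:07:55 mx1 postfix/smtpd[2240]: connect from unknown[unknown]
"""

CONNECT_RE = re.compile(r"connect from \S*\[([^\]]+)\]")

def scan_block_size(nets=SCAN_NETS):
    """Total addresses covered by the scoped block."""
    return sum(n.num_addresses for n in nets)

def classify(log_text, nets=SCAN_NETS):
    """Split client IPs into (inside scan netblocks, everything else)."""
    scanner, other = Counter(), Counter()
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # client logged as "unknown" or otherwise not an IP
        bucket = scanner if any(ip in n for n in nets) else other
        bucket[str(ip)] += 1
    return scanner, other

def cidr_table(nets=SCAN_NETS, action="REJECT"):
    """Render the scoped block as 'network action' lines (CIDR table style)."""
    return "\n".join(f"{n} {action}" for n in nets)

if __name__ == "__main__":
    scanner, other = classify(SAMPLE_LOG)
    print("addresses covered:", scan_block_size())
    print("from scan netblocks:", dict(scanner))
    print("left untouched:", dict(other))
    print(cidr_table())
```

The constructed neighbour `141.212.123.9` lands in the "left untouched" bucket, which is the difference between this scoped rule and a block on a wider range.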