An anonymous reader writes "If you regularly check your router log you may see port scanning attempts from unknown sources. Here's one where a company appears to be advertising their hacking at your firewall. It's the first time I've seen anything like this and am wondering if it's a new business model borrowed from malware authors that exploit an opportunity, then ask for ransom (payment for a removal tool) to get rid of what they gave you.
Below is just a small portion of what they did to my log, boldly telling me what they do for a living.
04/06/2008 00:52:02.272 — Sub Seven attack dropped — 18.104.22.168, 50494, WAN, www.securitymetrics.com — 70.89.120.xx,
27374, WAN — 04/06/2008 00:52:34.944 — Back Orifice attack dropped — 22.214.171.124, 49060, WAN, www.securitymetrics.com — 70.89.120.xx,
31337, WAN — 04/06/2008 00:53:21.848 — Ripper attack dropped — 126.96.36.199, 53108, WAN, www.securitymetrics.com — 70.89.120.xx,
2023, WAN — 04/06/2008 01:40:22.480 — Smurf Amplification attack dropped — 188.8.131.52, 8, WAN, www.securitymetrics.com — 70.89.120.xx,
8, WAN — 04/06/2008 01:41:29.800 — Smurf Amplification attack dropped — 184.108.40.206, 8, WAN, www.securitymetrics.com — 70.89.120.xx,
8, WAN — 04/06/2008 01:41:38.576 — Possible port scan dropped — 220.127.116.11, 50059, WAN, www.securitymetrics.com — 70.89.120.xx,
15, WAN — TCP scanned port list, 20031, 5269, 1718, 902, 1718
I contacted the support/abuse contact listed for that IP address and got this reply: — Can you confirm if you have an account with us? If so what is the email address the account is registered under, or what is the IP / Domain that we are testing?
Our scan includes a port scan to see what service's are open, then it checks for various known vulnerabilities. So it is not just a port scan but a complete vulnerability scan.
Please let us know if you have any additional questions.
801-705-5700 US support
0207.993.8031 UK support
While I did ask Scott WTF his company was doing advertising in my log, I doubt my outrage at this ethical lapse on their part will have any effect on their methods. What do you guys think?"