Founder & CTO
.........................................
Serbian Open eXchange / AS 13004 / www.sox.rs
.........................................
Address: Todora Dukina 78, 11000 Belgrade, Serbia
Mob: +381 6 777 33 777 / mail: krajko@sox.rs
Hello Töma,
thank you for your e-mail. I read the article carefully and I have 2 comments.
First of all, Qrator Labs didn't get any authorization from SOX
for scanning our network and it is legal from our side to threat
that activity as malicious.
Second, it was not one ping. I found more than 20 attempts to
access the router on UDP/161 port. It looks like brute force
attack to me.
Under this circumstances, I do not see any excuse for them.
Best regards,
Peace,
In the today's presentation "How to try to catch the hackers?", slide 13, a question was asked: what are the security companies doing by sending UDP probes?
I worked at Qrator Labs before, and I know the team behind this probing. If you want to know more, there's an article on the website: https://radar.qrator.net/learn/2?article=23
I don't know what Palo Alto is doing, but maybe similar things?
Hope that helps.
--Töma
