Peace,

On Wed, 22 Apr 2026, 2:23 am Nenad Krajnovic, <krajko@sox.rs> wrote:

if you (Qrator Labs) behave in the same way as cyber-criminals, than what is the difference between you two? 

It's not the same way.  What makes cybercriminals cybercriminals is that they conduct cyberattacks.  A harmless network scan is not a cyberattack.  It is frequently *associated* with cyberattacks because cybercriminals, too, often use network scans as the preparatory phase.  However, not all scans have a malicious purpose.

What is the purpose of database with information about vulnerable sites on the Internet? And Qrator Labs is building and maintaining that database by this scanning. Who has access to this database? Does Qrator Labs notify operators of vulnerable networks about the problems they discovered?

Yes, of course!  You can sign up for an account on the website https://radar.qrator.net and, after proper authorisation of you as the maintainer of the autonomous system, you can view all the information about your AS and your networks, including this particular one, for free. This *is* among the main purposes of the said database.

If I catch cyber-criminals during the network scanning or brute force attack, I can start some legal actions.

Well, first, taking legal actions against the cybercriminals scanning networks is, to put it lightly, impractical.  It's not like these criminals register their scanning IPs to their passports or IDs.  The actual malicious scanners will typically operate from some breached servers, or counter-abuse-resistant hosting companies, or from equipment rented with fake IDs, or all the three combined.  Trying to take some legal action against that will require a lot of time and effort, and in the end the scanner will just migrate to another server in a few hours.

Moreover, with the scanning *per se*, I don't really think there's legal basis for that.  On the Internet, the communication is "regulated" by the IETF RFCs, and per the RFCs, once you advertise your networks in the DFZ, you allow other DFZ users to reach your network.  There's no RFC about requesting any kind of prior authorisation from an AS before establishing a TCP session or something.  And network scans themselves do not cause any damage.

Brute force might be a different story, but it's sort of off topic because the scanner in question doesn't do brute force.  If you record a tcpdump of that activity, you could see it yourself that all the packets sent to these ports are identical, there's no attempt to brute force passwords or whatever else.

--
Töma