Hacking Spam? WTF?

This is a first for me. I was going over my server’s log report this morning and I noticed 218 authentication failures from a domain name that implies that the company does security consulting. I checked the site and sure enough, they’re a “tiger team.” Is this a new method of spam, getting their domain and IP in server logs to get admins to check them out?

If you think you’ve gotten scanned by the same company, their netblock is 216.200.97.0/24 but I don’t want to link to them directly. So are they scanning my server to get me to visit their site? The website comes up if you go to the IP, so someone checking out their obvious brute force attack would find it.

The strangest part about this is that if this is a ploy for business, it’s a bad one. Penetration testing requires a large amount of trust, and if you’re attacking my server to get my business you’re not exactly endearing yourself to me. It doesn’t rank high on the list of sound marketing decisions.

The only other scenario I can think of is if someone is using their tools to scan lots of servers, which would speak pretty poorly of the security testing company’s ability to secure things. Still bad publicity, but at least it doesn’t have the malicious intent of spamming.

3 thoughts on “Hacking Spam? WTF?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s