Blog

Google Search Console Team deems Bad Packets Report a safe website!

Huzzah! Bad Packets Report has been cleared as a safe site by the Google Search Console Team. Earlier this morning, we received the following notification:

To: Webmaster of https://badpackets[.]net/, Google has received and processed your security review request. Google systems indicate that https://badpackets[.]net/ no longer contains links to harmful sites or downloads. The warnings visible to users are being removed from your site. This may take a few hours to happen.

Thank you to Google Search Console Team for clearing up this false-positive so quickly!

no-reverse-dns-configured.com – The mother of all PTR records

Recently, I posted about the IP 80.82.65.66 and the DoS attacks I observed in my syslog. I presumed the reverse DNS record (PTR record) pointing to no-reverse-dns-configured.com was just a one-time fake. However, further investigation blew that theory out of the water. Upon review of the top three networks in my all-time dropped packets list, I saw 93.174.93.136 which is also managed by Quasi Networks LTD and has a PTR record, you guessed it, going to no-reverse-dns-configured.com. At that point I figured further investigation into this domain name was needed. IBM X-Force Exchange is reporting the DNS name no-reverse-dns-configured.com has 245 associated DNS records …


Google Safe Browsing algorithm labels Bad Packets Report as “unsafe site”

Irony levels reached maximum levels today when Google Safe Browsing labeled Bad Packets Report, our website, as an “unsafe site” per the notification received in the Google Search Console. Unfortunately, no explanation was provided on the Google Transparency Report website noting that: “The site badpackets.net contains harmful content, including pages that: Contain suspicious or unknown software.” This is an incredible claim, given that no software is hosted on Bad Packets Report, nor any URLs that link to “suspicious or unknown software”. Google did not respond to a request for comment on the matter. Other Google users are reporting similar issues on the Webmaster …


63.251.252.12 – Malware remnants from yesteryear or harmless prodding by The Nielsen Company?

Our runner-up title for most dropped packets is bestowed upon 63.251.252.12. So what nefarious activity have we seen? On the surface, the attacks appear fairly benign. However, the deeper we go down the rabbit hole, the more we discover! So what ports are being attacked and how often? Port 35935 was the lowest and 65428 the highest. TCP was the only protocol used and no single port was attacked more than 18 times in the total 2,462 attacks (still in progress). The quest gets more interesting when we look into the backstory of 63.251.252.12. A WHOIS query returns: OrgName: Internap Network Services Corporation OrgId: …


The Master Needler – 80.82.65.66

I’ve been watching the dropped packets for 80.82.65.66 for a while now and feel it’s safe to bestow the title of “The Master Needler” upon them. So which ports are they poking the most? Interestingly, the ports attacked were evenly distributed and appear mostly random. The lowest port number attacked was 1000 and the highest was 65506. No single port was attacked more than 26 times. The only protocol used in the attacks was TCP. The full list of ports attacked by 80.82.65.66 is located here: https://pastebin.com/w0uca8q6 As of this writing, I have seen 20,489 unique attacks from 80.82.65.66. No other single IP address found in …
