Hacking Spam? WTF?

This is a first for me. I was going over my server’s log report this morning and I noticed 218 authentication failures from a domain name that implies that the company does security consulting. I checked the site and sure enough, they’re a “tiger team.” Is this a new method of spam, getting their domain and IP in server logs to get admins to check them out?

If you think you’ve gotten scanned by the same company, their netblock is 216.200.97.0/24, but I don’t want to link to them directly. So are they scanning my server to get me to visit their site? The website comes up if you go to the IP, so someone checking out their obvious brute-force attack would find it.

The strangest part about this is that if this is a ploy for business, it’s a bad one. Penetration testing requires a large amount of trust, and if you’re attacking my server to get my business you’re not exactly endearing yourself to me. It doesn’t rank high on the list of sound marketing decisions.

The only other scenario I can think of is if someone is using their tools to scan lots of servers, which would speak pretty poorly of the security testing company’s ability to secure things. Still bad publicity, but at least it doesn’t have the malicious intent of spamming.
