CIRCL Scanning Networks

The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to provide a systematic response facility to computer security threats and incidents. The organisation is part of the transposition of the NIS directive in Luxembourg.

Scanning plays a vital role in ensuring the security and integrity of digital systems and networks. It is a proactive measure undertaken by organizations like CIRCL (Computer Incident Response Center Luxembourg) to identify potential vulnerabilities and weaknesses within a network infrastructure. This process is essential for maintaining a robust cybersecurity posture.

CIRCL’s scanning activities are conducted in line with its mission to provide a systematic response facility to computer security threats and incidents. By scanning for vulnerabilities, CIRCL helps preemptively identify security gaps that could potentially be exploited by malicious actors. This proactive approach enables organizations to address vulnerabilities before they are exploited, reducing the risk of cyberattacks and data breaches.

Moreover, scanning assists in complying with regulatory frameworks such as the transposition of the NIS (Network and Information Systems) directive in Luxembourg. This initiative mandates that organizations implement measures to protect their systems and networks from cybersecurity threats. Regular scanning ensures adherence to such regulations and aids in fortifying the overall cybersecurity infrastructure.

In summary, scanning serves as a necessary and responsible practice to maintain the security of digital systems. Through proactive identification of vulnerabilities, organizations like CIRCL can enhance their ability to mitigate potential risks, safeguard sensitive data, and contribute to the overall stability of the digital landscape.

IP addresses used for scanning

  • 185.194.93.130 and 2a00:5980:93::130 are used to scan for the SSH protocol. The scanner only checks which protocols are supported and gathers the public keys of the server. For more details, see the paper Active and Passive Collection of SSH key material for cyber threat intelligence. The scanner does not brute-force passwords or authentication; the connection is dropped after the public cryptographic material, banner and protocol details have been gathered.

Opting out

To opt out, you can block the IP addresses mentioned above, while keeping in mind that blocking scanners like us won’t protect you from attacks.

If you cannot filter and want to opt out, you will need to contact us and provide proof of ownership of the IP space.
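Before deciding whether to block, an operator can check what these addresses actually did against their SSH server. The following is an added example, not CIRCL's own code: it triages sshd log lines per source address and counts authentication attempts. The log lines are constructed samples in OpenSSH's message format, and the function name `triage` is hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Scanner addresses exactly as listed on this page.
CIRCL_SCANNERS = {ipaddress.ip_address(a)
                  for a in ("185.194.93.130", "2a00:5980:93::130")}

# OpenSSH messages that indicate an authentication attempt took place.
AUTH_MARKERS = ("Failed ", "Accepted ", "Invalid user",
                "authenticating user", "maximum authentication attempts")

# The peer address is the token directly before " port <n>" in sshd messages.
PEER_RE = re.compile(r"([0-9A-Fa-f:.]+) port \d+")

# Constructed sample lines (not real traffic); 203.0.113.7 is a documentation address.
SAMPLE_LOG = """\
Mar  3 10:15:01 host sshd[2101]: Connection closed by 185.194.93.130 port 40112 [preauth]
Mar  3 10:15:09 host sshd[2107]: Connection closed by 2a00:5980:93:0:0:0:0:130 port 40200 [preauth]
Mar  3 10:16:30 host sshd[2110]: Invalid user admin from 203.0.113.7 port 51234
Mar  3 10:16:32 host sshd[2110]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:16:40 host sshd[2112]: Connection closed by 185.194.93.130 port 40150 [preauth]
"""

def triage(log_text):
    """Per source IP: is it a listed scanner, lines seen, auth attempts seen."""
    stats = defaultdict(lambda: {"listed": False, "lines": 0, "auth_events": 0})
    for line in log_text.splitlines():
        match = PEER_RE.search(line)
        if not match:
            continue
        try:
            # Parsing normalises IPv6, so expanded and compressed forms compare equal.
            peer = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue
        entry = stats[str(peer)]
        entry["listed"] = peer in CIRCL_SCANNERS
        entry["lines"] += 1
        entry["auth_events"] += any(m in line for m in AUTH_MARKERS)
    return dict(stats)

if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG).items():
        print(ip, info)
```

A listed address with a non-zero `auth_events` count does not match the behaviour described above and is worth investigating.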

Classification of this document

TLP:WHITE information may be distributed without restriction, subject to copyright controls.