strange connection

toejam

Young grasshopper
Joined
Feb 7, 2016
Messages
68
Reaction score
5
I selected the "connections" tab in bi status and it is showing some connections I don't recognize. You can see the connections in the attached image, but, the data is:

IP: 167.248.133.53
Host: scanner-09-ch1.censys-scanner.com

Anybody have any clue who these folks are and why they would be connecting through bi?
 

Attachments

sebastiantombs

Known around here
Joined
Dec 28, 2019
Messages
11,511
Reaction score
27,690
Location
New Jersey
Better question is do you have any ports open on your router that would allow that to happen? Are you accessing your BI system from outside? If so are you using a VPN?

VPN Primer
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377

Search for Censys for more info.

But, yeah, as above. Better not to have open ports if you can avoid.
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,428
Reaction score
47,541
Location
USA

toejam

Young grasshopper
Joined
Feb 7, 2016
Messages
68
Reaction score
5
I do have bi webserver running. Also, Synology NAS, which has ftp, and remote access.

So, dumb question: if censys has a connection to my bi system, does this mean they either have my login credentials, or they have a back door?
 
Last edited:

th182

BIT Beta Team
Joined
Sep 11, 2018
Messages
689
Reaction score
1,204
Location
Minnesota
I do have bi webserver running. Also, Synology NAS, which has ftp, and remote access.

So, dumb question: if censys has a connection to my bi system, does this mean they either have my login credentials, or they have a back door?
Unlikely. You are probably port forwarding so your BI machine is accessible from the internet. They scanned and hit your system. But it doesn’t show a user or anything so they didn’t log in. Likely a bot scanning for open systems.

Best to use a VPN and not directly expose your systems to the internet.


Sent from my iPhone using Tapatalk
 
Top