Spamhaus is blocking port scanning
Vincent Canfield has been conducting a campaign to highight the wrongdoing of the aforementioned organisation
>Spamhaus has started a nasty campaign against Internet Researchers, and until now has gone mostly unnoticed outside the port scanning communities.
>Port scanning is a crucial activity for Internet Researchers. Port scanning allows researchers to know what services are running on the Internet, and in its simplest case a port scanning probe is a single TCP SYN packet. Market researchers port scan to calculate market share of various products.
>Spamhaus is an incredibly influential company. They have gained popularity with enough large tech companies that being listed by Spamhaus is a death sentence.
>The Spamhaus Block List (SBL) has historically been used to list IP addresses used to send spam, who attempt to hack into servers, and who host botnet controllers and infrastructure. Unlike with these activities, there is no way to prove that port scanning actually originates from a given IP address, meaning malicious actors are able to spoof port scanning traffic and inflict a sort of "blacklist attack" by causing innocent IP addresses to be listed.
>Spamhaus is listing all port scanning traffic without verifying the traffic comes from where it says. Instead of checking for e.g. banner scans, which require a TCP handshake or two-way UDP interaction, Spamhaus' honeypot servers are blacklisting all TCP SYNs it sees.
>https://vc.gg/spamhaus-post-draft.txt
>http://archive.fo/r1eeE
>https://www.theregister.co.uk/2019/04/16/spamhaus_port_scans/
>http://archive.fo/RxOFn
>https://twitter.com/gexcolo/status/1119046139020496896