These providers are the sources of the strangest and most harmless but interesting traffic I have ever seen. Just the other day I was watching a node at BuyVM send my public DNS server a SYN packet every 10 seconds to port 53. The sequence number and source port stays the same, but the TTL decrements from 64 down to 1 in 64 seconds/packets. Checksums fail. No idea what they are enumerating or what script this is. Both my DNS daemon and the kernel know not to respond to any of it. They stopped before I restarted with debugging enabled. I also get a lot of scans looking for DKIM keys and other poor configurations coming from the providers on this list. I would never block any of it, too much fun to watch.
Weird! The decrementing TTLs almost sounds like the sender is trying to perform some strange variation on a traceroute. With the long interval, maybe they are sending such packets to many destinations, and trying to build an evolving picture of Internet routing infrastructure?
I've never heard of Kyun so I go to their site. It's a very good looking site but the anime girls, minecraft font, and nba youngboy references in their blog posts are just so strange.
LinuxBender|2 years ago
simmons|2 years ago
scrps|2 years ago
combatfrog01|2 years ago
KomoD|2 years ago
You have a list of established providers and then some random new provider (who also happens to tick every box for your questionable content)
miloignis|2 years ago
It seems pretty evenhanded and not like an ad to me.