GreyNoise Labs has launched a free tool called GreyNoise IP Check that lets users check if their IP address has been observed in malicious scanning operations, like botnet and residential proxy networks.
The threat monitoring firm that tracks internet-wide activity via a global sensor network says this problem has grown significantly over the past year, with many users unknowingly helping malicious online activity.
"Over the past year, residential proxy networks have exploded and have been turning home internet connections into exit points for other people's traffic," explains GreyNoise.
"Sometimes folks knowingly install software that does this in exchange for a few dollars. More often, malware sneaks onto devices, usually via nefarious apps or browser extensions, and quietly turns them into nodes in someone else's infrastructure."
While there are ways to determine if someone has become part of malicious botnet activity, like examining device logs, configurations, network traffic, and activity patterns, a tool that simply checks the IP address is the least intrusive method
People visiting the scanner's webpage will get one of the three possible results:
Clean: No malicious scanning activity detected. Malicious/Suspicious: The IP has shown scanning behavior. Users should investigate devices on their network. Common Business Service: The IP belongs to a VPN, corporate network, or cloud provider, and the scanning activity is normal for those environments.
Clean scan result
Source: BleepingComputer
When any activity is correlated with the provided IP address, the platform will also include a 90-dayhistorical timeline, which may help pinpoint a potential infection point.
... continue reading