- Newest
- Most votes
- Most comments
The automated block-listing of IPs observed to be engaging in malicious activities is largely based on hitting honeypots. By penetration testing, do you mean testing specifically agreed target systems the owners of which have authorised you to test, or do you mean broad scanning of arbitrary targets in AWS and perhaps elsewhere, many of which aren't inviting such scans?
In the latter case, you'd likely be hitting many honeypots, causing your IP to be block-listed. You can't expect your IP to be kept off those block-lists while using the IP to run exactly the kinds of reconnaissance scans that honeypots are designed to respond to. For a casual scan, I'd guess your IP will be removed from the block list a few days after you stop your scans, but you'll be put back on the list instantly if you resume them. The same will naturally happen if you change your IP and start using it to run similar scans.
It turns out that my NGINX web server actually got hacked and the Script Kitty added me to a botnet that DDOSed an AWS Server, Found out from my buddy who works at our ISP. Makes sense, working on stuff now
Relevant content
- asked 2 months ago
- asked 2 years ago
AWS OFFICIALUpdated 2 years ago
