New blog post, this one is about an odd trend I spotted a couple of years ago, which involves slow port scans potentially using botnets:
https://www.markloveless.net/blog/2025/5/20/tracking-advanced-port-scanning
What makes this interesting is it is not the first time I've blogged about this use of slow botnet usage, it is also used to guess passwords, as I talked about last month:
https://www.markloveless.net/blog/2025/4/22/fail2ban-for-sendmail-auth