These connections are part of an Internet-wide research study being conducted by computer scientists at RWTH Aachen University. The research involves making benign connection attempts to every public IP address from our own subnets (see below) and cloud hosts. By measuring the entire public address space, we are able to analyze global patterns and trends in protocol deployment and security.
As part of this study, every public IP address receives a handful of packets per day on a selection of common ports. These consist of regular UDP probes and TCP connection attempts followed by RFC-compliant protocol handshakes with responsive hosts. We never attempt to exploit security problems, guess passwords, or change device configuration. We only receive data that is publicly visible to anyone who connects to a particular address and port.
The data collected through these connections helps computer scientists study the deployment and configuration of network protocols and security technologies. For example, we use it to help web browser makers and other software developers understand the impact of proposed protocol changes and security improvements. In some cases, we are able to detect vulnerable systems and report the problems to the system operators.
To have your host or network excluded from future scans conducted by RWTH Aachen University, please contact researchscan@comsys.rwth-aachen.de with your IP address or CIDR block. Alternatively, you can configure your firewall to drop traffic from our main IPs and subnets we use for scanning. Our cloud hosts will not try to contact you if our main IPs could not contact you. Our main IPs / subnets are 137.226.113.0/26 and 2a00:8a60:1014:88::/64.