Brutkey

hrbrmstr πŸ‡ΊπŸ‡¦πŸ‡ΊπŸ‡¦ πŸ‡¬πŸ‡±πŸ‡¬πŸ‡± πŸ‡¨πŸ‡¦πŸ‡¨πŸ‡¦
@hrbrmstr@mastodon.social

Since we flipped the MCP Server scanning tag to live, we see consistent (but low levels) of scans.

Some bots look like they're doing dedicated MCP scanning. Some have added it to other activity profiles.

33 IPs are mal/sus.

Be super careful hosting an HTTP MCP server.

https://viz.greynoise.io/tags/mcp-and-sse-endpoint-scanning?days=30

hrbrmstr πŸ‡ΊπŸ‡¦πŸ‡ΊπŸ‡¦ πŸ‡¬πŸ‡±πŸ‡¬πŸ‡± πŸ‡¨πŸ‡¦πŸ‡¨πŸ‡¦
@hrbrmstr@mastodon.social

Current port distribution for the MCP scanning: 80, 81, 443, 1080, 3128, 6277, 8000, 8080, 8081, 8443, 8765, 8888, 9000

hrbrmstr πŸ‡ΊπŸ‡¦πŸ‡ΊπŸ‡¦ πŸ‡¬πŸ‡±πŸ‡¬πŸ‡± πŸ‡¨πŸ‡¦πŸ‡¨πŸ‡¦
@hrbrmstr@mastodon.social

We're also seeing active attempts to compromise Anthropic's MCP Inspector server, so we're gonna add a tag for that, soon, too.

cR0w
@cR0w@infosec.exchange

@hrbrmstr@mastodon.social

Counterproposal: