Why am I receiving connection attempts from this machine?

These connections are part of a new IT security research project at the Swedish Defence Research Agency (FOI). This research involves regularly making a small number of harmless connection attempts to every publicly worldwide accessible computer. This allows our researchers to measure the global Internet and analyze technology and security.

As part of this research, every public IP address receives a handful of packets per day on a selection of common ports. These consist of standard connection attempts followed by RFC-compliant protocol handshakes with responsive hosts. We only receive data that is publicly visible to anyone who connects to a particular address and port.

Why are you collecting this data?

The data collected through these connections consists only of information that is already publicly visible on the Internet. It helps our researchers study the deployment and configuration of network protocols and security technologies. For example, we use it to help web browser developers and other software developers understand the impact of proposed protocol changes and security improvements. In some cases, we are able to detect vulnerable systems and report the problems to the system operators.

Can I opt-out of these scans?

If you wish to opt-out, you can configure your firewall to drop traffic from the host we use for the scans: 37.233.77.228

If you have further questions about this research, please contact mats.persson@foi.se.