Request for off line security help

[Doug Stanfield]

Chris,

Thanks for this follow up email.  You just redeemed yourself. :-)

What I know about Digital Island scans:  They never scan the end customer.
Their footprint servers number somewhere between 400 and 500 and they use a
synchronization and randomization algorithm to make sure none of them scan a
target simultaneously.  You'd probably see the 400 or so scans spread over a
two hour period.  They are supposed to _only_ check the DNS server of your
domain with a few pings.  Even this minimal activity has some in the
networking community up in arms. ;-)  They would definitely not dare to port
scan a user as you describe.

[Chris wrote]
> The IP that you were scanned from is a customer of ours,
> Qualys.com.  They are a security company that business hire
> to do comprehensive security screening.

> I do not know why they were scanning you.  It could be one of
> reasons:

> 1.  Road runner hired them to do an assessment on their network.

No.  I believe I can speak authoritatively on this.  Road Runner security
does all its own scanning.  They scan from a single subnet in their address
space.  If you point a web browser at the address that scans you there is an
informative message about the procedure.  

> 2.  Someone may have compromised their network and is doing 
scans from behind their firewall.
> 3.  Someone in their company is messing around.

I vote for one of these.  There are some nasty things floating around the
Internet these days.  Ben, you were right to question what was happening.

-Doug-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freesoftwarehawaii.org/pipermail/luau-freesoftwarehawaii.org/attachments/20011113/59b587d8/attachment-0001.htm>