Request for off line security help
Doug Stanfield
DOUGS at oceanic.com
Tue Nov 13 08:29:15 PST 2001
Chris,
Thanks for this follow up email. You just redeemed yourself. :-)
What I know about Digital Island scans: They never scan the end customer.
Their footprint servers number somewhere between 400 and 500 and they use a
synchronization and randomization algorithm to make sure none of them scan a
target simultaneously. You'd probably see the 400 or so scans spread over a
two hour period. They are supposed to _only_ check the DNS server of your
domain with a few pings. Even this minimal activity has some in the
networking community up in arms. ;-) They would definitely not dare to port
scan a user as you describe.
[Chris wrote]
> The IP that you were scanned from is a customer of ours,
> Qualys.com. They are a security company that business hire
> to do comprehensive security screening.
> I do not know why they were scanning you. It could be one of
> reasons:
> 1. Road runner hired them to do an assessment on their network.
No. I believe I can speak authoritatively on this. Road Runner security
does all its own scanning. They scan from a single subnet in their address
space. If you point a web browser at the address that scans you there is an
informative message about the procedure.
> 2. Someone may have compromised their network and is doing
scans from behind their firewall.
> 3. Someone in their company is messing around.
I vote for one of these. There are some nasty things floating around the
Internet these days. Ben, you were right to question what was happening.
-Doug-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freesoftwarehawaii.org/pipermail/luau-freesoftwarehawaii.org/attachments/20011113/59b587d8/attachment-0001.htm>
More information about the LUAU
mailing list