<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
<TITLE>RE: [luau] RE: Request for off line security help</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>Chris,</FONT>
</P>
<P><FONT SIZE=2>Thanks for this follow up email. You just redeemed yourself. :-)</FONT>
</P>
<P><FONT SIZE=2>What I know about Digital Island scans: They never scan the end customer. Their footprint servers number somewhere between 400 and 500 and they use a synchronization and randomization algorithm to make sure none of them scan a target simultaneously. You'd probably see the 400 or so scans spread over a two hour period. They are supposed to _only_ check the DNS server of your domain with a few pings. Even this minimal activity has some in the networking community up in arms. ;-) They would definitely not dare to port scan a user as you describe.</FONT></P>
<P><FONT SIZE=2>[Chris wrote]</FONT>
<BR><FONT SIZE=2>> The IP that you were scanned from is a customer of ours,</FONT>
<BR><FONT SIZE=2>> Qualys.com. They are a security company that business hire</FONT>
<BR><FONT SIZE=2>> to do comprehensive security screening.</FONT>
</P>
<P><FONT SIZE=2>> I do not know why they were scanning you. It could be one of</FONT>
<BR><FONT SIZE=2>> reasons:</FONT>
</P>
<P><FONT SIZE=2>> 1. Road runner hired them to do an assessment on their network.</FONT>
</P>
<P><FONT SIZE=2>No. I believe I can speak authoritatively on this. Road Runner security does all its own scanning. They scan from a single subnet in their address space. If you point a web browser at the address that scans you there is an informative message about the procedure. </FONT></P>
<P><FONT SIZE=2>> 2. Someone may have compromised their network and is doing </FONT>
<BR><FONT SIZE=2>scans from behind their firewall.</FONT>
<BR><FONT SIZE=2>> 3. Someone in their company is messing around.</FONT>
</P>
<P><FONT SIZE=2>I vote for one of these. There are some nasty things floating around the Internet these days. Ben, you were right to question what was happening.</FONT></P>
<P><FONT SIZE=2>-Doug-</FONT>
</P>
</BODY>
</HTML>