“This page provides information on the NCSC’s scanning activities. You may have been referred here by information left by one of our scanning probes if a system you own or administer has been scanned.”

So begins the UK’s National Cyber Security Center information page describing their new scanning program.  In a blog post entitled “Scanning the Internet for Fun and Profit,” the NCSC describes the rationale for their program.

As part of an intelligence agency, the NCSC has to answer what they call “Grand Challenges”:

But the analyses we’ve published don’t answer the really hard questions, like ‘How vulnerable is the UK to cyber attack?’ or ‘Does HMG policy X have any impact on our security?’. Internally, we have a small number of ‘Grand Challenges’; research projects trying to find solutions to these really hard cyber security problems.

To answer these questions, they need better tools.  As they put it, just “running regex over Shodan” isn’t enough.  So they’re initiating their own scans:

During the 18 months or so that challenge has been running, we’ve made good progress using existing sources of data (including data from the ACD [Active Cyber Defense] services), but we’ve reached the limit of the utility of the commercial internet-scanning data we procure. Sometimes they don’t have the detail we need, or they’re not timely enough, or they don’t include specific IP ranges we need to look at.

Their scanning program is designed to overcome these deficiencies and help “respond to shocks” (a zero day).

It’s possible to opt out of scanning – see the information page.

What do you think about this kind of white hat scanning?  I have to think that various intrusion detection systems are going to be firing alerts as a consequence which is noise that system owners need to deal with.  Please share your thoughts in the comments below!

• Author
• Recent Posts

raindog308

Dread Lord of LowEnd Content at LowEndBox

I'm raindog308, techno polymath and long-time LowEndTalk community Administrator. My technical interests include all things Unix, perl, python, golang, shell scripting, vintage operating systems such as MVS, and relational database systems such as Oracle, PostgreSQL, and MySQL.

I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.

I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308

Latest posts by raindog308 (see all)

• COMMUNITY NEWS: RackNerd LLC, Global IaaS Provider, Expands European Footprint with New Dublin, Ireland Datacenter - November 16, 2024
• Hey Providers – Want Some FREE Advertising During the SuperBowl? - November 14, 2024
• Inception Hosting is Closing Its Doors - November 12, 2024