Security Basics mailing list archives

RE: "Attacks" from lax.qualys.com


From: "Jeremi Gosney" <Jeremi.Gosney () motricity com>
Date: Tue, 14 Apr 2009 09:56:08 -0700


No, Qualys is not known for "playing with their tools," and it's never safe to assume anything. Anyone with a Qualys 
account can scan any external IP addr; it doesn't necessarily have to be someone in your corporation. In fact I'd wager 
that it isn't someone within your corporation. Qualys doesn't do vulnerability assessments per se; they offer 
vulnerability management SaaS. You simply obtain an account, and they give you access to a web console that hosts 
vulnerability management tools. It's essentially the same as someone sitting at home with Nessus scanning your external 
IP space; the only difference is they're paying to scan from someone else's box, and they're paying for a high level of 
anonymity, as Qualys can't actually tell which user is scanning which IP. They don't even have to be paying, in fact; 
they could be scanning you with their 30-day free trial.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of The Security Community
Sent: Monday, April 13, 2009 10:07 AM
To: security-basics () securityfocus com
Subject: "Attacks" from lax.qualys.com

For several days now our IDS has been telling us we're being "attacked" by a host resolving to 
scanner[number].lax.qualys.com.

Considering the source, is it safe to assume "someone" purchased a vulnerability assessment without informing the 
Security Department?

Nobody's talking, but it wouldn't be the first time.

Otherwise, is Qualys known for playing with their tools just for the heck of it?


