Security Basics mailing list archives

Re: "Attacks" from lax.qualys.com


From: Liran Cohen <liran () rct co il>
Date: Tue, 21 Apr 2009 14:07:01 +0300

I would like to point out an important issue:

Today I got an e-mail from Qualys asking me to try and resolve this issue off the list. This is commendable for a company working in such a field: to offer support to a non-paying customer merely to "clear its name" of such claims.


I do not know who sent the original e-mail but if you are reading this, please contact me and I shall forward you to the Qualys representative.


Liran Cohen
RCT Internet Solutions
http://www.rct.co.il
http://www.icon-a.com
+972-54-5617070



Liran Cohen wrote:

Jeremi - by what you're saying, I would consider any traffic from such a service a security hazard and do my best to block that subnet(s), or perform a reverse resolve and block those hosts.

I agree with all the rest. Indeed, assumptions do not exist when talking about security: if you assume = you are not sure = there is a risk = not safe. The equation is simple and the conclusion is to take action.


Liran

http://www.rct.co.il

http://www.icon-a.com



Quoting Jeremi Gosney:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

No, Qualys is not known for "playing with their tools," and it's never safe to assume anything. Anyone with a Qualys account can scan any external IP addr; it doesn't necessarily have to be someone in your corporation. In fact, I'd wager that it isn't someone within your corporation. Qualys doesn't do vulnerability assessments per se; they offer vulnerability management SaaS. You simply obtain an account, and they give you access to a web console that hosts vulnerability management tools. It's essentially the same as someone sitting at home with Nessus scanning your external IP space; the only difference is they're paying to scan from someone else's box, and they're paying for a high level of anonymity, as Qualys can't actually tell which user is scanning which IP. They don't even have to be paying, in fact; they could be scanning you with their 30-day free trial.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of The Security Community
Sent: Monday, April 13, 2009 10:07 AM
To: security-basics () securityfocus com
Subject: "Attacks" from lax.qualys.com

For several days now our IDS has been telling us we're being "attacked" by a host resolving to scanner[number].lax.qualys.com.

Considering the source, is it safe to assume "someone" purchased a vulnerability assessment without informing the Security Department?

Nobody's talking, but it wouldn't be the first time.

Otherwise, is Qualys known for playing with their tools just for the heck of it?

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized certs available, online computer forensics training available.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAknkwBwACgkQIBHDN8vm6zu37ACgmVtqHlWWV5KR2qqH+qVW8xzl
gO4An3161celli0Fev0HIGBEFYDNbuyK
=+odi
-----END PGP SIGNATURE-----



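The thread suggests a reverse resolve on the alert source and, separately, warns that a genuine Qualys scanner does not mean the scan was sanctioned. The script below is an added example, not code from any poster, that triages constructed IDS alert lines along those two axes: it reverse-resolves each source, forward-confirms the PTR name (a PTR record alone is set by whoever controls the reverse zone, so a hostname claiming `scanner[number].lax.qualys.com` is only believed when its A record points back at the IP), and then checks the source against a register of scans that someone actually approved. The DNS records, alert lines and approval register are all constructed with documentation IP ranges; a real run would replace the two dictionaries with `socket.gethostbyaddr()` and `socket.getaddrinfo()` lookups and the register with the organization's own change records.

```python
"""Triage IDS alerts whose source claims to be a Qualys scan engine.

Added example for this thread. All DNS records, alert lines and the
approval register are constructed; nothing here is real Qualys data.
"""
import re
from collections import Counter

# Constructed DNS view: PTR (reverse) and A (forward) records.
PTR_RECORDS = {
    "192.0.2.10": "scanner3.lax.qualys.com.",
    "198.51.100.7": "scanner9.lax.qualys.com.",  # PTR claims Qualys, but see A_RECORDS
    "203.0.113.5": "mail.example.net.",
}
A_RECORDS = {
    "scanner3.lax.qualys.com": {"192.0.2.10"},
    "scanner9.lax.qualys.com": {"192.0.2.11"},   # does not point back to 198.51.100.7
    "mail.example.net": {"203.0.113.5"},
}

# Hostname shape reported in the original post: scanner[number].lax.qualys.com
SCANNER_RE = re.compile(r"^scanner\d+\.lax\.qualys\.com$", re.IGNORECASE)

# Constructed IDS alert lines; the src= field is what we triage on.
ALERTS = [
    "2009-04-13T10:01:02 IDS portscan src=192.0.2.10 dst=10.0.0.5 dport=443",
    "2009-04-13T10:01:03 IDS portscan src=192.0.2.10 dst=10.0.0.5 dport=22",
    "2009-04-13T10:02:11 IDS portscan src=198.51.100.7 dst=10.0.0.6 dport=80",
    "2009-04-13T10:03:45 IDS smtp-probe src=203.0.113.5 dst=10.0.0.25 dport=25",
    "2009-04-13T10:04:00 IDS portscan src=203.0.113.99 dst=10.0.0.7 dport=8080",
]
SRC_RE = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b")


def fcrdns(ip, ptr=PTR_RECORDS, a=A_RECORDS):
    """Forward-confirmed reverse DNS: return (ptr_name, confirmed).

    The PTR name is only trusted if the forward (A) lookup of that name
    contains the IP we started from.
    """
    name = ptr.get(ip)
    if name is None:
        return None, False
    name = name.rstrip(".").lower()
    return name, ip in a.get(name, set())


def classify(ip, authorized, ptr=PTR_RECORDS, a=A_RECORDS):
    """Label one source IP for the analyst queue."""
    name, confirmed = fcrdns(ip, ptr, a)
    if name is None:
        return "no-ptr"
    if not SCANNER_RE.match(name):
        return "other"
    if not confirmed:
        return "ptr-unconfirmed"      # name claims Qualys, forward lookup disagrees
    if ip in authorized:
        return "qualys-authorized"    # matches a registered, approved scan
    return "qualys-unverified"        # real scan engine, but nobody on record approved it


def triage(lines, authorized, ptr=PTR_RECORDS, a=A_RECORDS):
    """Map each alert source to (alert count, classification)."""
    counts = Counter()
    for line in lines:
        m = SRC_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return {ip: (n, classify(ip, authorized, ptr, a)) for ip, n in counts.items()}


if __name__ == "__main__":
    # Constructed approval register: one engine has a change ticket on file.
    approved = {"192.0.2.10"}
    for ip, (n, verdict) in sorted(triage(ALERTS, approved).items()):
        print(f"{ip:15} {n:3d} alert(s)  {verdict}")
```

Only `qualys-authorized` sources are candidates for an IDS suppression rule; `qualys-unverified` is the case the thread is about and goes to whoever owns the scanning contract, while `ptr-unconfirmed` is handled as any other unknown scanner, since the hostname cannot be relied on.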

