A common way systems like firewalls or 'Intrusion Prevention Systems' try to deter or prevent hackers is to detect their attacks and block all communication from that source. This works when the attacker's behaviour is obvious, like our scans, which try to identify thousands of weaknesses in a short space of time. However, in situations where attackers target specific issues across a wide variety of targets (like the whole internet), or disguise their attacks by sending them from multiple locations, these attacks can sneak through this type of blocking.
If you are using an Intrusion Prevention System, or your firewall has a similar service built in, you might be preventing our scans from finding a weakness that a hacker could later exploit, and not benefitting from our service to help secure your systems.
You should also consider whether you have any additional DDoS Protection Systems, Web Application Firewalls (such as Cloudflare) or Content Delivery Networks that could be applying IPS/IDS technology. For example, some edge routers now include this as standard.
However, be careful not to give us access straight through the firewall. We don't need to see your internal systems if they aren't normally exposed; we just need to see what's normally accessible from the internet.
The IPs to whitelist are listed below. There is a large number of IPs due to the distributed nature of the systems used to perform the scans.
You do not have to whitelist any IPs; however, not doing so may give inaccurate scanning results.
If you are unsure how to do this, you can contact the cyber security team and we will try to assist. Each firewall, IPS and WAF is different, and we may not have complete instructions, but we can help you find them.
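One way to check the caution above about not giving the scanner access straight through the firewall, as an added example that is not part of the original article or the scanning service's own tooling: it flags any scanner-specific allow rule that opens a destination and port not already reachable from the whole internet. The `Rule` model, the function name and all addresses are assumptions made for illustration (IPv4 documentation ranges, not the real scanner IPs).

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    """One inbound TCP allow rule (hypothetical, product-neutral model)."""
    src: str   # source CIDR; "0.0.0.0/0" means anyone on the internet
    dst: str   # destination CIDR
    port: int  # destination TCP port

ANY = ipaddress.ip_network("0.0.0.0/0")

def over_permissive(rules, scanner_nets):
    """Return scanner-sourced rules that open a destination/port which is
    not already allowed from the whole internet."""
    scanners = [ipaddress.ip_network(n) for n in scanner_nets]
    public = [(ipaddress.ip_network(r.dst), r.port)
              for r in rules if ipaddress.ip_network(r.src) == ANY]
    findings = []
    for r in rules:
        src = ipaddress.ip_network(r.src)
        if src == ANY or not any(src.overlaps(s) for s in scanners):
            continue  # not a scanner-specific rule
        dst = ipaddress.ip_network(r.dst)
        exposed = any(port == r.port and net.version == dst.version
                      and dst.subnet_of(net) for net, port in public)
        if not exposed:
            findings.append(r)
    return findings

# Constructed sample data: documentation address ranges, not real scanner IPs.
SCANNER_NETS = ["192.0.2.10/32", "198.51.100.0/28"]
SAMPLE_RULES = [
    Rule("0.0.0.0/0", "203.0.113.5/32", 443),       # public web server
    Rule("192.0.2.10/32", "203.0.113.5/32", 443),   # fine: already public
    Rule("198.51.100.0/28", "10.0.0.0/24", 22),     # internal SSH opened
    Rule("192.0.2.10/32", "203.0.113.5/32", 3389),  # RDP is not public
]

if __name__ == "__main__":
    for rule in over_permissive(SAMPLE_RULES, SCANNER_NETS):
        print("scanner rule exposes a non-public service:", rule)
```

Rules that the check reports should be removed and replaced by an exception in the IPS or WAF blocking logic only, so the scanner sees exactly what any internet host can see.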
Updated over 2 years ago