-1

I have a free server at HP cloud, and I am receiving scans from them like this. It is from 15.185.11.100 and reverses to internal-scanner.ops.uswest.hpcloud.net. I have been told numerous times that this kind of scanning is not right, so I can't do this myself in my network. Is this really OK? Basically scanning services running on my own server as well as desktops.

GET /v93otn4w.jsp?<IMG%20SRC="javascript:alert(cross_site_scripting.nasl);"> HTTP/1.1
Host: 15.185.xx.xx
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
X-Varnish: 1073461166, 1225953173
X-Forwarded-For: 15.185.11.100, 127.0.0.1, 213.229.xx.xx

--1a995054-F--
HTTP/1.1 403 Forbidden
Content-Length: 214
Content-Type: text/html; charset=iso-8859-1
Andrew Smith
  • 3
    Check if this is configurable or you can opt out. OTOH, you are getting scanning for free, which will help secure your application. It takes quite an effort to set up scanning using OSS tools, or you have to pay for a 3rd-party service. Didn't know HP offered a free server with scanning. – Chida Aug 16 '12 at 09:55
  • Well I can opt-out by blocking it. – Andrew Smith Aug 16 '12 at 10:01
  • This is NOT okay, unless explicitly stated in the terms n conditions (or opted in by default). – Cold T Aug 16 '12 at 10:27
  • 2
    We're sysadmins not lawyers. Get your company lawyer to read the fine print in the agreements you clicked through... – user9517 Aug 16 '12 at 15:23

1 Answer

4

HP does indeed offer a vulnerability scanning service as part of its Enterprise Security Services. Their whitepaper seems to imply that it's required.

Unfortunately, HP's web site is in a persistent state of disarray (and has been for years), and information is rather hard to find. But it seems that they do indeed offer (and mandate) this service.

Michael Hampton