HP is scanning my vulnerabilities, is this OK?

Andrew Smith asked:

I have a free server at HP Cloud, and I am receiving scans from them like this. It is from 15.185.11.100 and reverses to internal-scanner.ops.uswest.hpcloud.net. I have been told numerous times that this kind of scanning is not right, so I can't do this myself in my network. Is this really OK? Basically scanning services running on my own server as well as desktops.

GET /v93otn4w.jsp?<IMG%20SRC="javascript:alert(cross_site_scripting.nasl);"> HTTP/1.1
Host: 15.185.xx.xx
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
X-Varnish: 1073461166, 1225953173
X-Forwarded-For: 15.185.11.100, 127.0.0.1, 213.229.xx.xx

--1a995054-F--
HTTP/1.1 403 Forbidden
Content-Length: 214
Content-Type: text/html; charset=iso-8859-1

My answer:


HP does indeed offer a vulnerability scanning service as part of its Enterprise Security Services. Their whitepaper seems to imply that it’s required.

Unfortunately, HP’s web site is in a persistent state of disarray (and has been for years), and information is rather hard to find. But it seems that they do indeed offer (and mandate) this service.


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.