Fortra

Scan of Hardened IP Address

Answered

Comments

3 comments

  • Official comment
    Avatar
    Abby Kincer

    Rick -

    We recommend that you whitelist our PCI scanners from your firewall to ensure an accurate scan can be conducted. Below are some excerpts from customer-facing resources that should help!

    From our Running External PCI Scans knowledge base article:

    Web Application Firewall (WAF), Intrusion Detection System (IDS), or Network Firewall Interference

    Check if any of these systems are being used and if they are contributing to the high increase of your average response time. This may be the case since every incoming request on your web server will be thoroughly analyzed, thus increasing the response time. A lot of times, the scan will seem like it is hung. During ports and services discovery, the Scanner occasionally runs into hosts that will report every single (or lots of random) ports as open. Obviously, this is because something in front or on the target host is replying with SYN, ACKs for every SYN sent. This behavior is sometimes referred to as “Tarpitting”. A Tarpit is a service generally found on IDS/IPS and Firewalls as well as servers that delay or shroud incoming connections. Basically, when port scanning, the scanner gets stuck for hours, days, or even months trying to get past it.  We suggest that customers whitelist our Scanning IPs for any of these security mechanisms so that requests and responses pass through unhindered.

    From our PCI Scans Originating IP Addresses documentation:

    The following table contains the range of IP addresses owned by Alert LogicAlert Logic scans originate from a subset of these IP addresses, so verify make sure that your firewalls allow scanning traffic.

    I hope this helps! Please let me know if you need any further information or assistance.

  • Avatar
    Abby Kincer

    Thanks for reaching out, Rick! Hold tight while I get you a quality answer to your question.

    0
  • Avatar
    Rick Coloccia

    Hi, thank you! We are good now.

    1

Please sign in to leave a comment.