Our 10 Commandments for Ethical Internet Scanning

Written on 2022/10/23

On the 19th of October 2022, our founder and CTO @PatriceAuffret gave the opening keynote of the Cyber and Threat Intelligence Summit (CTIS-2022). The event gathered roughly 200 people from the defensive and threat intelligence fields. The subject of our CTO’s keynote was: “Ethical Internet Scanning in 2022”. The full recording of the conference has been put online so that it can be shared.

To make a long story short, we defined our 10 Commandments for Ethical Internet Scanning activities. We want to open the discussion with researchers and companies worldwide so that we all agree on the Ethical Way of doing it. Overall, this would make such activity better perceived by network owners and seen as another great tool in the defensive arsenal.

Our 10 Commandments for Ethical Internet Scanning

  1. Run a Web server explaining the purpose on every probe
  2. Give an opt-out request e-mail address
  3. Set whois records with organization & abuse@ email address
  4. Publish the list of probe IP addresses on the probes' Web servers
  5. Reverse DNS pointing to your project/company
  6. Handle abuse requests in a timely manner, no questions asked
  7. Only send standard packets/protocol requests
  8. Scan slowly to not stress target (or source) networks
  9. Use fixed IP addresses, not trashable ones
  10. Honor requests to remove collected data in a timely manner, no questions asked
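
From a network owner's side, commandments 4 and 5 can be checked before accepting a scanner's self-identification. The following is an added example, not code from the original post or from the project: it tests a source IP against a published probe range list and requires forward-confirmed reverse DNS under the project's domain. The function names, the ranges, the hostnames and `scanner.example.org` are constructed placeholders.

```python
import ipaddress
import socket

def _ptr_names(ip):
    # Default reverse lookup: PTR names for ip, empty list on failure.
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def _forward_ips(name):
    # Default forward lookup: every address the name resolves to.
    try:
        return {i[4][0].split("%")[0] for i in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def verify_scanner(ip, published_ranges, project_domain,
                   ptr_lookup=_ptr_names, fwd_lookup=_forward_ips):
    """Return listed / ptr / verified for a source IP seen in logs."""
    addr = ipaddress.ip_address(ip)
    # Commandment 4: the IP must be in the operator's published probe list.
    listed = any(addr in ipaddress.ip_network(r, strict=False)
                 for r in published_ranges)
    domain = project_domain.lower().rstrip(".")
    confirmed = None
    for name in ptr_lookup(ip):
        host = name.lower().rstrip(".")
        if host != domain and not host.endswith("." + domain):
            continue
        # Commandment 5: a PTR record is set by whoever holds the IP block,
        # so it only counts if the name resolves back to the same address.
        if any(ipaddress.ip_address(a) == addr for a in fwd_lookup(host)):
            confirmed = host
            break
    return {"listed": listed, "ptr": confirmed,
            "verified": listed and confirmed is not None}

# Constructed sample data (documentation ranges, not a real scanner).
SAMPLE_RANGES = ["192.0.2.0/28"]
SAMPLE_PTR = {"192.0.2.5": ["probe5.scanner.example.org"],
              "198.51.100.7": ["probe1.scanner.example.org"]}  # claimed PTR only
SAMPLE_FWD = {"probe5.scanner.example.org": {"192.0.2.5"},
              "probe1.scanner.example.org": {"192.0.2.1"}}

def demo(ip):
    # Offline run: lookups are served from the constructed tables above.
    return verify_scanner(ip, SAMPLE_RANGES, "scanner.example.org",
                          lambda i: SAMPLE_PTR.get(i, []),
                          lambda n: SAMPLE_FWD.get(n, set()))
```

Calling `verify_scanner` without the two lookup arguments uses the system resolver instead of the sample tables.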