Skip to content

Scanning Best Practices

Zakir Durumeric edited this page Feb 17, 2017 · 2 revisions

We offer these suggestions for researchers conducting Internet-wide scans as guidelines for good Internet citizenship.

  • Coordinate closely with local network administrators to reduce risks and handle inquiries
  • Verify that scans will not overwhelm the local network or upstream provider
  • Signal the benign nature of the scans in web pages and DNS entries of the source addresses
  • Clearly explain the purpose and scope of the scans in all communications
  • Provide a simple means of opting out and honor requests promptly
  • Conduct scans no larger or more frequent than is necessary for research objectives
  • Spread scan traffic over time or source addresses when feasible

It should go without saying that scan researchers should refrain from exploiting vulnerabilities or accessing protected resources, and should comply with any special legal requirements in their jurisdictions.