In early November, the UK’s National Cyber Security Centre (NCSC) announced that it had launched an effort to scan all hosts located in the UK’s cyberspace for vulnerabilities. The goal is to assess the security of Internet-connected systems for vulnerability to potential cyber attacks.
A dedicated cloud environment and two IP addresses are used for the scan: 126.96.36.199 and 188.8.131.52, located, according to WHOIS databases, in London and resolved to the domain name ‘scanner.scanning.service.ncsc.gov.uk.’ According to NCSC’s technical director, simple scans will be launched in the first phase of the project, the complexity of which is to be gradually increased. The data collected during the described scans, is supposed to include the responses of the queried hosts (e.g. the full response with the HTTP headers of the web server). While the scope of the data collected is to be as small as possible, it is intended to allow the scanned devices to be evaluated for potential vulnerabilities. NCSC informs that in case of collection of data that may be considered sensitive (e.g., personal data), such information will be deleted. It is also possible to opt-out, i.e., exclude an address or range of IP addresses from the scan – just inform NCSC by email.
British govt is scanning all Internet devices hosted in UK
Scanning the internet for fun and profit