Vulnerability Scan

Help! My computer is being attacked!

The IT Information Security Group conducts automatic security vulnerability scans against all systems and devices connected to the Emory network. These scans look very much like actual attacks against the targetted systems, but are not dangerous and you can safely ignore them.

How can I tell an Emory scan from a real attack?

Look at the IP address and associated DNS name of the system that seems to be attacking you. If the IP starts with 10. and the DNS name is OITSecurityScanner-see-it-DOT-emory-DOT-edu-SLASH-scan.emory.edu then it's a legitimate Emory scan and you can ignore it. There are also a few legacy scanning systems whose IPs begin with 170.140. and whose DNS names start with EmoryUTS and end with Scanner.cc.emory.edu.

If you are concerned that your computer is being attacked systems that don't match the criteria above, please email security@emory.edu or call 404-727-6666.

My device keeps crashing after it gets scanned!

Some fragile network devices may crash when they are scanned. We encourage you to contact the device's vendor to see if any patches or updates are available that might fix the problem. Any device attached to the Emory network needs to be robust enough to withstand scanning.

For critical devices, though, we can temporarily stop scanning them while you work with the vendor. To request that we stop scanning one or more devices, please send a list of all the devices' IP addresses to security@emory.edu.

Can I see the results of the scans?

Yes, for systems you're responsible for. Email us at security@emory.edu. Be sure to include your contact information, your NetID, the name of the organization you represent, and a list of IP addresses you're interested in.

We are working on a web-based system that will automatically allow access to scan results in real time.

Can you scan my system at a particular time?

Our scanning system does not perform scans of any system at any particular time. You may see scans at any time of day, and time between scans can vary from one day to a week or more. It is not possible to limit scanning of specific systems to a given window of time.

We can manually scan your system in addition to the usual automatic scanning. Such manual scanning is not usually necessary, though, because the automatic scans are so frequent. If you would like to request a manual scan at a particular time, please contact us at security@emory.edu. Be sure to include your contact information, your NetID, the name of the organization you represent, and a list of IP addresses to be scanned.

I have some other question about security scans

Please send your question to us at security@emory.edu or call 404-727-6666.