β οΈ If you use Cloudflare, please follow these instructions for allowlisting
β οΈ Essential users only need to whitelist one range: 203.12.218.0/24
Jump to the point of interest:
Full list of Intruder's scanning IPs
If you haven't updated your scan region in the portal (we explain how to do that below), then for:
Existing customer (pre-May 2023) π default regions are London and Frankfurt
New customers (post-May 2023) π we run a geo-IP check on the first person to login and set the scan region based on that, though the first user is given the option to amend this during onboarding.
And if you need it, below is a list of all our scanner IPs, organised by region (for Essential users, you just need to allow one range:: 203.12.218.0/24).
Scan region | IP Ranges |
Asia Pacific (Tokyo) |
|
Asia Pacific (Singapore) |
|
Asia Pacific (Sydney) |
|
Asia Pacific (Mumbai) |
|
Canada (Central) |
|
Europe (Ireland) |
|
Europe (London) |
|
Europe (Frankfurt) |
|
South America (SΓ£o Paulo) |
|
US West |
|
US East |
|
Updating your scan region
The above IPs can also be found in the portal: Scans > Settings > Scan region. To view them just select the region, but to ensure that the scans originate from there, you must hit Save scan region.
FAQs
Where should I add these IPs?
You should add the appropriate IPs to any WAF, IPS or IDS you have enabled.
Some cloud providers might also ask you for the source IPs from which our scans will be originating. You should also consider if you have any additional DDoS Protection Systems, or Web Application Firewalls or Content Delivery Networks that could be applying IPS/IDS technology, for example some edge routers now include this as standard.
Should I add your IPs to my perimeter firewall?
We recommend you add our scanning IPs to the allowlist in any IPS, IDS or WAFs you have enabled; but do not to give us access straight through the perimeter firewall β we don't need to see your internal systems if they aren't normally exposed β we just need to see what's normally accessible from the internet.
What is the purpose of an allowlist?
Our scans rely on checking you for tens of thousands of possible weaknesses - and we do it in as short a space of time as possible (that said, there's no quick way of checking for tens of thousands of things, it still takes a while).
Because of this, our approach to testing is very obvious to any Intrusion Protection Systems and it's highly likely that if our scanner encounters one, we'll be blocked.
The problem with this, is that if we're blocked, we're unable to detect any weaknesses, which could leave you exposed to sneaky attackers who fly under IPS radars by only checking for single weaknesses at a time.
Can scan regions help with geo-fencing?
Yes! All you need to do is select a compatible scan region, hit save and add the required IPs to your allowlist. No longer will our scanners be blocked from reaching your targets!
What if I have assets in more than one region?
We'd recommend selecting the region where most of your targets are hosted. Don't worry though, it's not an exact science; so long as you allow the IPs for the scan region selected, you should be fine.