Our scans rely on checking you for tens of thousands of possible weaknesses - and we do it in as short a space of time as possible (in fact, there's no quick way of checking for tens of thousands of things, it still takes a while).
Because of this, our approach to testing is very obvious to any Intrusion Protection Systems you might have, and makes it easy for them to block us. If they block us though, then we won't be able to detect weaknesses in your systems. However, attackers who are sneaky and only check for single weaknesses across the internet may not be detected, potentially leaving you exposed.
For these reasons, we recommend you add our scanning IPs to the allowlist in any IPS, IDS or WAFs you have enabled. However, be careful not to give us access straight through the perimeter firewall – we don't need to see your internal systems if they aren't normally exposed – we just need to see what's normally accessible from the internet.
If you use Cloudflare, then follow these instructions to add our Scanner IPs to your allowlist.
Some cloud providers might also ask you for the source IPs from which our scans will be originating. You should also consider if you have any additional DDoS Protection Systems, or Web Application Firewalls or Content Delivery Networks that could be applying IPS/IDS technology, for example some edge routers now include this as standard.
The source IPs for Intruder's vulnerability scanning engines are as follows:
35.177.219.0/26
3.9.159.128/25
18.168.180.128/25
18.168.224.128/25
54.93.254.128/26
18.194.95.64/26
3.124.123.128/25
3.67.7.128/25
203.12.218.0/24 (most recent)