Network exposure change detection service
A periodic external view on the exposure of network services can help identifying network service outages. But further more it can detect if new services have been established, either by an employee, a supplier or an attacker. Sometimes new services are places on purpose, sometimes by accident, or for instance to maintain access by criminals.
This service is based on periodic network port scans. It is able to detect and send the result to an email address, containing the changes seen since the last subsequent scans.
How to request the service?
Please send a mail to info@circl.lu and express your interest in this service. You have to specify the following: - An Email address where to send the results to - The IP address(es) or network range(s) you would like to include in the scan - A statement that you are authorized to request those scans - from a legal perspective of the company and the network owner, if different
How does the result look like?
The email contains information regarding a subsequent network port scan performed by CIRCL, which discovered a network change. The result of the scan and the changes (additional open ports or new hosts indicated by a plus (‘+’) sign, closed ports indicated by a minus (‘-‘) sign) regarding the specified network(s).
A new port has been opened since last scan:
w.x.y.z:
Host is up.
-Not shown: 65536 open|filtered ports, 65535 filtered ports
+Not shown: 65536 open|filtered ports, 65534 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http
+443/tcp open https
A port has been closed since last scan:
w.x.y.a:
Host is up.
-Not shown: 65536 open|filtered ports, 65534 filtered ports
+Not shown: 65536 open|filtered ports, 65535 filtered ports
PORT STATE SERVICE VERSION
-80/tcp closed http
443/tcp open https
Is the software for this service publicly available?
The software is distributed as free software. The software is available on our GitHub repository.