CyberGreen Scan Purpose Statement

CyberGreen helps policy makers and Computer Security Incident Response Teams (CSIRTs) focus their remediation efforts on key systemic risks; to help understand where improvements can be made and how, together, we can achieve a more sustainable, secure, and resilient cyber ecosystem. CyberGreen achieves this by cyber health measurement, sourcing data, providing a clearing house for mitigation, capacity building and advocacy. With the help of organizations such as yours, along with our partners, we have initiated a public awareness campaign to ensure that governments, businesses, the media, and individuals recognize the value of a healthy cyber ecosystem.

The Nature of our Research and its Public Benefits

CyberGreen scans the Internet to detect vulnerabilities that exist within the Cyber Ecosystem as they relate to open recursive servers. The cyber ecosystem is composed of any device which connects to the Internet, for example, but not limited to: clients, servers, virtual instances, embedded systems, and the Internet of Things. At CyberGreen, our work hinges on high quality, reliable data to enable us to provide the most accurate measurements and visualizations.

In our quest to identify and mitigate risks for a more resilient, healthier Cyber Ecosystem, we have identified a critical need to cross-reference multiple data sources, as different techniques provide different results. In the past, some data sets have been highly volatile, with a large replacement rate for IP addresses in consecutive scans. And while this sort of data, in its essence, will always be imperfect, CyberGreen seeks to better understand and analyze the imperfections rather than to rely on assumption.

By conducting our own scans at CyberGreen, we can hold true to our value of transparency by devising our own scanning method and publishing that method for the broader community. By doing so, our hope is to elicit feedback and maintain trust as we endeavor to make the Cyber Ecosystem a healthier place for the global good.

Scan Methodology and Principles

CyberGreen is currently writing a fuller technical description of our scanning. However, we can provide the current state of the practice for review:

  1. CyberGreen conducts four whole-Internet scans per week, each of which focuses on a different service (UPNP, DNS, NTP, SNMP).
    • CyberGreen does not scan unscannable space (e.g., RFC 1918 addresses, multicast or future use addresses)
    • CyberGreen does not scan addresses which have opted out of scanning
  2. Scans are conducted from various cloud providers and the scanning addresses change regularly.
  3. The addresses are assigned fixed DNS names of the form scannerX.scanning.cybergreen.net, where X is a number.
  4. CyberGreen does not publicly release individual host vulnerability information; we publish aggregate information as shown on stats.cybergreen.net.

Over time, our intent is to add more scans to this set to identify other vulnerabilities and risk. Our intention is not to cause disruption to networks. As always, CyberGreen values the engagement of the community to help us move forward in the most constructive and unobtrusive way. Our engagement policy lays out the following principles:

  1. CyberGreen’s constant goal is gold standard – where the standards exist, follow them. Where the standards don’t exist, define them. This includes both research and community engagement. We are, after all, committed to helping the community.

  2. CyberGreen seeks community involvement. The accuracy and quality of our data requires buy-in and cooperation from the scannees. The more actively they are involved, the better. If you are scanning the Internet, contact us about data partnership.

  3. CyberGreen will always be crystal-clear in communicating our intents, and in following the intents of those we engage with. In particular, if your organization wants to not be scanned by CyberGreen, we actively encourage you to contact us via our opt-out page (link) rather than blocking our scanners. Blocking the scans introduces false negatives, as we cannot distinguish between a policy decision to protect the network and the absence of vulnerable hosts.

CyberGreen’s engagement policy is focused on providing the rest of the Internet a clear understanding of our goals, access to our data, and a mechanism for positively supporting or disengaging from our efforts.

Exclusion Requests

While the purpose of this statement is for the community to understand that our scans are conducted for benevolent purposes, CyberGreen recognizes and respects the rights of users who wish to opt out of the process.

If you wish to opt out CyberGreen’s scans, please visit our opt-out page.

If you want to talk with us about our scans, please contact us.