About

Frequently asked questions - FAQ

Welcome to the list of some of the questions you might ask about VikingScan

Questions

Q: Is VikingScan for free A: Yes, VikingScan is planned as a free portscan service, where the basic portscanning is free. Think of the services GratisDNS.dk and replace DNS with portscan. Later there will probably be offers for other services which require more resources and will be paid services.

If there are to many problems with portscanning, complaints etc. it might also result in the termination or changed terms for this service.

Q: There are already others doing this?

A: Probably, but I find it an interesting project and none of the existing solutions were suitable for my needs.

Q: Who are behind VikingScan.org A: VikingScan was started by Henrik Lund Kramshøj partner in Solido Networks ApS. You can find more information about me and the company at these links:

• http://www.kramse.org

Q: When is VikingScan starting/ When is it in production A: There are a lot of work before we are fully in production

The todo list is still growing and will probably keep growing. Some parts are ready:

Server - done Portscan scripts - done, reusing solido Networks scripted portscans Administration web application, missing quite a lot Basic web pages, work in progress AUP/terms for use … and a whole lot of other stuff The start was a few years back.

Latest change is that January 2009 an open service was announced at http://miniscan.VikingScan.org which is a taste of the things to come. This service will only allow you to scan the IP address you are connecting from.

The real service will allow you to scan multiple/other IP-addresses - for instance based on a subnet or range that you are approved for by me. Consultants will be allowed to scan arbitrary addresses.

Who gets to do what will probably be based on your identity - if you have a PGP key signed by somebody I trust - then your identity is determined and you can scan freely. It also means that if some of the scans you have started result in complaints - I know who to contact :-)

Next level might be based on whois and sending confirmation emails to the email addresses listed, before scan is allowed.

As you can imagine a lot to think about

Q: What is the purpose of VikingScan A: This is a bit difficult, because there are several important reasons for this project

Primarily the reason is easy access to a complete portscan of networks - without having to decide if you want to pay X times 100 EUR per IP-address.

Second reason is to get more customers to my company :-)

Further I want VikingScan to make it harder to sell bad security pentest, which gives a false sense of security. Bad security pentest are doing a bad portscan, running a single tool like Nessus and then doing search and replace in the HTML report and selling that as a security pentest. That kind of security test is now adequate coverage and the customer cannot trust the results.

Q: Can VikingScan be used by other security companies A: Sure, it is expected that smaller security companies or companies where security pentest are not the primary services can use VikingScan as a replacement for parts of their own scanning.

If you have questions do not hesitate but send them to me Henrik Lund Kramshøj, hlk@kramse.dk.