University of Wisconsin–Madison

Scanning IPs (Campus Network)

The Office of Cybersecurity periodically performs a variety of scans of the campus network for inventory and vulnerability. There are a few different types of scans:

Scan Type Purpose
Asset Discovery, Inventory, or Mapping To find and organize hosts and applications throughout our network. Asset Discovery/Mapping is to find, tag and organize the servers, devices and web applications connected to our network. Asset Discovery/Mapping do not generate reports of the findings for departments.
Host Vulnerability Scan To proactively identify and address security vulnerabilities by scanning the hosts in our network based on known flaws and generate reports of the findings that departments can use to tighten the security for the assets in our network.
Web Application Vulnerability Scan To identify known security vulnerabilities of web applications such as cross-site scripting, SQL injection, etc. and generate reports of the findings that developers can use to tighten the security for the web applications in our network.

 

We are currently aware of the following scanning machines and their corresponding originating IP addresses. When these scans are initiated by the Office of Cybersecurity, the scan traffic are originated from the following IP addresses.

IBM AppScan Web Application Vulnerability Scanning

  • security-scanner-5.services.wisc.edu (144.92.104.60)
  • security-scanner-6.services.wisc.edu (144.92.104.66)
  • security-scanner-10.services.wisc.edu (128.104.16.117)

Qualys Host Vulnerability Scanning & Web Application Vulnerability Scanning

  • security-scanner-3.services.wisc.edu (144.92.230.89)
  • security-scanner-4.services.wisc.edu (144.92.230.90)
  • security-scanner-11.services.wisc.edu (144.92.230.86)

Nessus Host Vulnerability Scanning

  • security-scanner-1.services.wisc.edu (144.92.230.87)
  • security-scanner-8.services.wisc.edu (144.92.230.91)

McAfee Database Vulnerability Scanning

  • security-scanner-12.services.wisc.edu (128.104.22.69)

Supplemental Scanning

  • security-scanner-9.services.wisc.edu (144.92.104.102)
  • static-128-104-17-139.doit.wisc.edu (128.104.17.139)
  • neko.doit.wisc.edu (128.104.16.92)
  • kuroneko.doit.wisc.edu (128.104.18.21)
  • komono.doit.wisc.edu  (128.104.16.99)

For more information regarding the scanning IP addresses, please contact cybersecurity@cio.wisc.edu