Legally port scanning (Whitelist)

Question

I am attempting to set up a security vulnerability scanning server. I have several customers interested in using it to scan their systems. I will be port scanning and carrying out intrusion detection, etc.

Before I go ahead with this, I want to know if there is a process for getting whitelisted so that other security services do not interfere or my IP ends up getting blocked.

(Like when you have a mail server and you have a reverse DNS entry so all the emails to certain domains don't get constantly bounced)

your title uses the word 'legally' - is that part of the question, too? — schroeder, Sep 18 '15 at 15:07
Thanks for the responses. All good points. Now, how do I mark this thing answered? — Paul Perrick, Sep 18 '15 at 18:42
there's a checkmark under the voting buttons - it should activate after a couple days — schroeder, Sep 18 '15 at 18:59

score 1 · Answer 1 · answered Sep 18 '15 at 15:05

Email protocols allow for the existence of whitelists based on verified known-good servers and is a coherent system of servers. "Security services", on the other hand, have no such protocol and are not coherent. Each service needs to whitelist your IP.

On top of that, there should not be such a whitelist: imagine what would happen if a malicious entity got on to the whitelist...

score 0 · Answer 2 · answered Sep 18 '15 at 15:09

No, there no such thing. However you will need a written agreement from all involved parties (your ISP, the customer, customer's hosting company in case it is externalized, etc.).

In all case, you should get in touch with a specialized lawyer to ensure that, not only you did all steps to not interfere with other security services, but moreover that if something goes wrong you will not be blamed...

Legally port scanning (Whitelist)

2 Answers2