Skip Navigation
 Search | Directories | Reference Tools
UW Home > UWIN > Computing and Networking > Security 

UW Campus Scanning

Background

The UW Campus Scanning initiative is an effort to regularly and methodically scan all devices connected to our enterprise network. We use the term devices because not only desktop and server computers get scanned; printers, wireless access points, managed switches, and any other thing that uses an IP address on the UW network will be scanned. There are several reasons why scanning is good, some of which are:

  1. Identifying rogue services that appear on similarly compromised computers
  2. Noticing trends and usage of various operating systems and network services
  3. Helping to monitor utilization and growth of network resources
  4. Providing additional resources to departmental support staff

Details

Campus Scanning is an activity whereby UW Technology uses a computer to try talking to every other computer or device using the UW network. When we talk to each computer what we're doing is what's called a "SYN" scan, identifying all the services a given device is offering over the network. This activity is non-intrusive in nature and will not cause your computer to crash or otherwise misbehave. If you have a firewall application running on your computer, or if you are an IT employee and monitor a network firewall, you may see logs of connection attempts from the UW Technology scanning computers. This is an expected byproduct of campus scanning against certain firewalled devices, so no need to worry! You may see fit to program your firewall so that it does not log connection attempts from the UW Technology scanning servers, which are listed below.

Schedule

The scanning engine runs all the time, day and night; individual scans take place regularly and run automatically. Devices are scanned at random, and a single host is scanned no more than once per calendar week. A scan of one single target will run from 1 minute to 30 minutes, depending on a host of factors. If you are an IT administrator monitoring firewall logs for an entire subnet or more, you may see what seems like constant scanning of individual hosts in your purview. That is due to the random nature of the target selection, ensuring that no single subnet is burdened by a concurrent scan of all its devices at any one time. The current campus scan server subnets are described below:
Scan server subnets
140.142.4.32/28
66.96.69.192/27

Notification

If you would like to receive email notification of important campus scan announcements, you may subscribe to the campusscan-notify email distribution list. To subscribe or alter your subscription settings, visit the campusscan-notify list info page.