What is the source network for security scans conducted by Information Security and Policy?

All Information Security and Policy (ISP) scanning is initiated from the following subnet:

Scanning will be initiated only from IP addresses with DNS hostnames in the "security.berkeley.edu" subdomain. All ISP scanners have hostnames that reflect their role, such as "sns-campus-scanner-1.security.berkeley.edu".

If you detect scanning activity and are unsure if an ISP scanner is the source, please contact security@berkeley.edu for verification.