Conditions for performance of External Security Scans
- External Security Scan (the “Testing”) can only be performed against an order or by a Customer with an active payment account;
- Testing should not be aimed at any other resources of other Nebius customers or any common components of the Platform infrastructure;
-
It is strictly forbidden to use any tool in such a way that they perform malicious activities including but not limited to:
- DDoS attacks L3/L4 or its imitation,
- TCP SYN Flood / UDP Flood / ICMP Flood / spoofed packet DDoS or simulation,
- Fragmented UDP / ICMP / TCP (Teardrop),
- ICMP Smurf,
- Amplification attacks (DNS / NTP / LDAP / memcached, etc.).
- Any port must be scanned non-aggressively;
- It is forbidden to access the media or data of other customers or to execute any container escape attacks (e. g. a Virtual Machine escape);
- Testing must not violate the terms and conditions of the Agreement according to whereto Customer has acquired access to Platform;
- If a testing company or Customer believes to have discovered a potential security issue related to the Platform, the Customer must report this to technical support within 24 hours;
- In case of unintentional access to the Content of other customers by the testing company, such testing company shall immediately stop Testing and inform Nebius thereof within one hour;
- Customer shall be liable for any damage caused to Nebius or other customers of Platform, as caused by Testing due to failure to comply with these rules or provisions of Agreement.