"Local network scan" can scan over the internet #2299
Description
Describe the bug
The option to scan local networks in network configuration could allow Infection Monkey to scan and attempt to exploit machines over the public internet. This risk needs to be obvious to the user.
Determining whether or not a network interface is connected to the public internet is not trivial. There are some simple steps we can take, but there is no formal definition of "public interface". The closest thing would be to only scan addresses in IPv4 the private ranges, but this may or may not be the user's desired behavior.
To resolve this issue, we will take the following steps
- Rename the option to make it clearer that public addresses can be scanned/exploited
- Disable the option by default
- Add an obvious warning icon and/or tool-tip explaining the risks associated with enabling the option
- Update the documentation to explain the risks associated with enabling the option
Tasks
- Fix functionality (0d) @cakekoa
- Change the option's name
- Change the option's display name
- Disable the option by default
- Fix documentation
- Add a tooltip and/or warning icon to the UI (0d) - @shreyamalviya
- Update the documentation to explain the risks (0d) @cakekoa