Diffscan currently runs from a Cloud VM, which has the main advantages of:
- Being puppetized
- Not hitting external rate-limiters
- Low latency
However the main drawback is that the scan is coming from a 172.16.0.0/21 IP:
- Which is not representative of an external scan (different paths and ACLs)
- Enabling NAT (see T209011) might not be an option (could overload the NAT table)
Ideally that host has IPv6 connectivity for T265329
As the tool is quite lightweight (only needs python, internet and SMTP) it might be worth running it from an external server, like wikitech-static.