Home page logo

nanog logo nanog mailing list archives

Re: anti-spam vs network abuse
From: Roger Marquis <marquis () roble com>
Date: Fri, 28 Feb 2003 15:11:40 -0800 (PST)

Richard Irving wrote
Jack Bates wrote:(SNIPO)
Should we outlaw a potentially beneficial practice due to its abuse by

Okay. What happens if you make a mistake and overload one of my devices
costing my company money.

 That is usually a civil issue, not criminal.

Legal considerations aside it is not good practice to scan a
subnet/server hosting dozens of websites.  Typical symptoms are
slow connections to all the sites, increased memory utilization,
and error logs like the following:

        [Wed Feb 26 02:14:57 2003] [info] server seems busy, (you
        may need to increase StartServers, or Min/MaxSpareServers),
        spawning 26 children, there are 60 idle, and 88 total

As a result the ISP must either A) purchase more RAM, faster CPUs,
and additional servers, or B) run the risk of complaints and lost
customer goodwill.  All of this costs time and money.

The best mitigation is to set a _slow_ scan rate but even that can
still get you blacklisted by a well designed NIDS.

Given the potential cost to third parties it's difficult to see any
case for netscanning, regardless of the scanner's rational.

Roger Marquis
Roble Systems Consulting

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]