Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: anti-spam vs network abuse

  • From: Roger Marquis
  • Date: Fri Feb 28 18:14:00 2003

Richard Irving wrote
>Jack Bates wrote:(SNIPO)
>> > Should we outlaw a potentially beneficial practice due to its abuse by
>> > criminals?
>> >
>> Okay. What happens if you make a mistake and overload one of my devices
>> costing my company money.
>  That is usually a civil issue, not criminal.

Legal considerations aside it is not good practice to scan a
subnet/server hosting dozens of websites.  Typical symptoms are
slow connections to all the sites, increased memory utilization,
and error logs like the following:

	[Wed Feb 26 02:14:57 2003] [info] server seems busy, (you
	may need to increase StartServers, or Min/MaxSpareServers),
	spawning 26 children, there are 60 idle, and 88 total

As a result the ISP must either A) purchase more RAM, faster CPUs,
and additional servers, or B) run the risk of complaints and lost
customer goodwill.  All of this costs time and money.

The best mitigation is to set a _slow_ scan rate but even that can
still get you blacklisted by a well designed NIDS.

Given the potential cost to third parties it's difficult to see any
case for netscanning, regardless of the scanner's rational.

Roger Marquis
Roble Systems Consulting

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.