|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: anti-spam vs network abuse
Richard Irving wrote >Jack Bates wrote:(SNIPO) >> > Should we outlaw a potentially beneficial practice due to its abuse by >> > criminals? >> > >> Okay. What happens if you make a mistake and overload one of my devices >> costing my company money. > > That is usually a civil issue, not criminal. Legal considerations aside it is not good practice to scan a subnet/server hosting dozens of websites. Typical symptoms are slow connections to all the sites, increased memory utilization, and error logs like the following: [Wed Feb 26 02:14:57 2003] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 26 children, there are 60 idle, and 88 total children As a result the ISP must either A) purchase more RAM, faster CPUs, and additional servers, or B) run the risk of complaints and lost customer goodwill. All of this costs time and money. The best mitigation is to set a _slow_ scan rate but even that can still get you blacklisted by a well designed NIDS. Given the potential cost to third parties it's difficult to see any case for netscanning, regardless of the scanner's rational. -- Roger Marquis Roble Systems Consulting http://www.roble.com/
|