Richard Irving wrote
Jack Bates wrote:(SNIPO)
> Should we outlaw a potentially beneficial practice due to its abuse by
> criminals?
>
Okay. What happens if you make a mistake and overload one of my devices
costing my company money.That is usually a civil issue, not criminal.
Legal considerations aside it is not good practice to scan a
subnet/server hosting dozens of websites. Typical symptoms are
slow connections to all the sites, increased memory utilization,
and error logs like the following:
[Wed Feb 26 02:14:57 2003] [info] server seems busy, (you
may need to increase StartServers, or Min/MaxSpareServers),
spawning 26 children, there are 60 idle, and 88 total
children
As a result the ISP must either A) purchase more RAM, faster CPUs,
and additional servers, or B) run the risk of complaints and lost
customer goodwill. All of this costs time and money.
The best mitigation is to set a _slow_ scan rate but even that can
still get you blacklisted by a well designed NIDS.
Given the potential cost to third parties it's difficult to see any
case for netscanning, regardless of the scanner's rational.