Hi, On Tue, May 13, 2003 at 10:12:53AM +0200, Rune Kristian Viken wrote: > This, quite frankly, is blatant abuse of other people's bandwidth. If I > read your post correctly, you're scanning _all ports_, 10.000 ports at a > time. 60 bytes goes to the SYN, 60 bytes to the SYN/ACK, 52 more bytes to > the ACK. Then the actual data needed to be sent to determine wheter it is > a socksproxy, wingate or whatever ... I'll guesstimate at least 100bytes > more in each direction, plus the FIN/ACK packets, which means another 52 > bytes in each direction. This means something in the range of 260bytes > incoming per port. 260 * 10.000 = 260.000 bytes per 'increment' of your > scan, per IP. > For closed ports, that will be just an incoming SYN and an outgoing RST. Most ports are closed, so the average amount of data sent will be a SYN and RST only. That's 60 incoming bytes, or even less if I'm correct. > Now, I used to have a 33k6bps always-on connection, with a /27 IP-range. > This means your abusive scanning would waste 32*260.000 = 8.3MB for every They scan only IP addresses that sent them mail, which is none of your addresses if you use your ISP's mail server, or just one if you use your own. > 'increment' of your scan. If I still had that 33k6 connection, I would get > 3.5kb/s incoming .. amounting to you wasting 40 minutes of my total > bandwidth for every increment of your self-rightous scanning. > That would be 1*60*10.000 bytes over your 3.5KB dial-up line, which probably even used data compression and TCP header compression. That is well below 20 seconds for the 10.000 port scan. And then you're assuming a connection that is not very likely for people running a mailserver without smarthost. > This pain is not acceptable. > > Your scanning is quite frankly worse than most spammers - for a lot of > people. The argument for running blocklist is that spammers waste > bandwidth. You waste FAR more bandwidth for a lot of people. This is a > thypical example of the 'cure' *killing* the patient instead of helping. > Bandwidth is not the only problem. Annoyed people is another good argument. Regards, Fred. -- Fred van Engen XB Networks B.V. email: fred.van.engenat_private Televisieweg 2 tel: +31 36 5462400 1322 AC Almere fax: +31 36 5462424 The Netherlands ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue May 13 2003 - 15:11:09 PDT