[Dshield] Why???

Ian Carter ianc at internode.net
Thu Oct 3 03:49:52 GMT 2002

"Port scanning wastes bandwidth, bandwidth that ISPs have to purchase"

The bandwidth used by port scanning or for that matter all ICMP traffic is
small potatoes. One user streaming videos, or downloading big warez apps is
a bigger issue.

You must have a special ISP, most won't act on port-scanning complaints.
Like ICMP echo, it is just knocking on doors looking for a response. Most
AUP's specify PC security is the users responsibility. As far as working
with other ISPs to report and prevent port scanning...there are more fun
ways to waste time. You can lodge a complaint to the abuse address or the
ARIN listed contact, but don't hold your breath waiting on a response.


----- Original Message -----
From: "KeithTarrant" <KeithTarrant at spamcop.net>
To: <list at dshield.org>
Sent: Wednesday, October 02, 2002 6:18 PM
Subject: Re: [Dshield] Why???

> Port scanning wastes bandwidth, bandwidth that ISPs have to purchase,
> directly reducing profits.  Hacking increases customer service expenses
> and decreases customer satisfaction, leading to reduced customer referrals
> and reduced profits.  Hacking also increases the need for redundant
> equipment and staff.  Hackproof software does more internal checking and
> requires more horsepower to run, increasing the size and cost of
> processors required.
> Hacking wastes real trees and reduces profits.
> So ISPs do have an interest in keeping hacking activities undercontrol.
> But, in my opinion, currently there is not sufficient reason to maintain
> the staffing necessary to shut down hackers in hours instead of days or
> weeks.
> Of course President Bush could change all that tomorrow, decide that port
> scanning provides too much camoflague for "America's Enemies", making it
> worthy of 10 year sentences, make the open distribution of malware a
> violation of "Trading with the enemy" laws, worthy of life in prison.  Of
> course sentences like that would be an over-reaction.
> Besides, I suspect (no proof) that our own governments (I'm in Canada)
> probably use the camoflague aspects themselves.
> Unfortunately, some abuse analysts are people who want to work with
> computers, but can't tolerate how darn boring it is most of the time, and
> who didn't realize how average the pay is.  This sometimes happens with
> programmers too.  It leads to low-quality work and a low volume of work.
> Ian, it doesn't matter if ones own ISP cares about scans or not, because
> the majority of scanning comes from other ISPs' customers.
> My ISP has 2 departments that work on abuse.  One focuses on excessive
> bandwidth use (stability), the other scanning.  On average scanning stops
> 7 days after reports are sent.  Roadrunner takes 8 days.  These times are
> pretty good. Comcast takes 2 weeks.  IBM 1-1/2 months.
> As for making friends, that is true for the best programmers too.  If you
> do a good job, you aren't called in to fight fires at 3AM, you don't get
> the OT, you don't get the open gratification from a mis-informed
> management.
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:

More information about the list mailing list