Re: Scanning the Internet for Vulnerabilities

[Robert L Mathews <lists () tigertech com>]

On 6/20/22 12:24 PM, Matthew Craig wrote:
> The intent behind vulnerability scans is good, however the majority of 
> DOS attacks that my networks encounter these days are from cybersecurity 
> organizations conducting cybersecurity research.

Yeah. The unwritten rule of this is "if you're going to do it, do it 
gently enough that the person receiving it doesn't notice".

If the load average on my server goes up by 20 because you've opened 20 
simultaneous HTTP connections and you're sending nonstop requests on all 
of them for thousands of random filenames that don't exist (but which 
each cause a PHP script to run), I'm not going to appreciate it.

Same if you send tens of thousands of TCP SYNs a second so you can 
quickly scan all possible ports of hundreds of IP addresses.

If I don't even notice it, though, I'm unlikely to be bothered to object 
to it.

--
Robert L Mathews