Hacker News
by luckylion 2079 days ago
> A few connections per minute hardly classify as abuse in any reasonable sense of the word.

That's for one individual who's scanning something. On the receiving end, you're not dealing with one individual, you're dealing with many individuals who are probing for vulnerabilities.

If one guy intentionally steps on your foot, that's mildly annoying. If a thousand people intentionally step on your foot, that's a very different issue.

> Most cloud providers for example do not allow port scanning from their network (for various reasons).

They don't? They are often the source I see. Is that a policy thing where they say "yeah well please don't" or will they actively shut you down if you're doing it from their infrastructure?

2 comments

Cloud providers are vigilant for signs that accounts have been compromised and are being used by hackers for nefarious things. It's in their best interest to detect this early and step in before the hackers can pile up a ton of charges that the account owner is then going to dispute. Some big clues are (1) seems to be mining cryptocurrency, (2) seems to be trying to DDoS something, (3) seems to be sending email spam, and (4) seems to be scanning the entire internet for vulnerabilities. Sending a ton of email is usually actively prohibited and the cloud provider will blackhole your packets because they're protective of the reputation of their address blocks. Scanning the internet is more of a "try it and see" sort of thing. If it's not a significant change in behavior from the background of what's normally going on in your account, or if you're doing it from a trivial number of machines, probably nothing will happen. If you suddenly spin up a ton of infrastructure for this purpose you can probably expect a friendly phone call fairly quickly, followed by having your account suspended until they hear back from you. If you run a big account with your cloud provider they won't go suspending your VMs willy-nilly, but also if you have a big account with your cloud provider they have your business number and expect you to answer it.
I once ran nmap from one EC2 in our account to another via EIPs (i.e. out to the internet and back again) to test the firewall and got a nastygram from AWS about running scans.
You also have once offered an answer when everybody else was enjoying a rare level of incompetence. Remarkable.
If a thousand people intentionally step on your foot, and it bothers you, maybe take your foot off the pathway.