Hi!
On Tue, Mar 1, 2011 at 7:09 AM, Chris Palmer chris@eff.org wrote:
For example, the SSL Observatory does a "scan" that is very similar to what happens when a user clicks a link and then immediately clicks the Stop button in the browser: SYN, SYN/ACK, ACK, Client Hello, Server Hello + Certificate, goodbye. We do this once per IP every few months. Out of 4 billion IP addresses, we got one complaint that I know of.
Interesting. We were doing the very same thing (opening only 80 and 443 ports to check for certificates) just few weeks ago over whole IP space and got a few complaints: from ATT, usu.edu and usi.com.
Maybe the difference was in speed of scanning? We randomized order of scanning but still some networks detected us as scanning their whole ranges.
And what is even more interesting is that our ISP was much more eager for us to reply to those complaints than to complaints for us running a Tor exit node some time ago. At that time they didn't even require from us to respond. They just forwarded us e-mails in a FYI manner. Maybe they changed some policies in meantime.
Mitar