Internet-wide port scans

Darius Jahandarie djahandarie at gmail.com
Tue Oct 16 01:18:31 UTC 2012


On Mon, Oct 15, 2012 at 4:34 PM, Florian Weimer <fw at deneb.enyo.de> wrote:
> A full scan needs just 0.5 TB of data per TCP port, so "roll your own"
> is definitely an option.  But I expect that any halfway decent hosting
> provider will start asking questions after the first billion packets
> or so, and at least over here, broadband access without abuse
> management lacks sufficient upload bandwidth, making the results
> difficult to interpret because the measurements would span several
> days.

Assuming you're scanning with 40 byte SYNs, you're going to be looking
at an 84 byte Ethernet frame per port. If you're doing a 65535-port
port scan, it'll use about 44Mbits of data. This means on a 1Gbit/s
port, you could do around 22 scans per second. That'd be around 57.82
million scans a month. Buying a gig of cheap bandwidth for a month can
cost $1000. So each scan would be about 0.002 cents if you just wanted
to cover the costs.

Of course this is assuming that you manage to have enough things to
scan to do 22 per second for an entire month. Combine that with the
fact that the person would most likely like to make a profit, and
you'd be looking at probably at least 0.1 cents per scan.


Either way, in the US at least, it's not legal to port scan random
machines on the internet, so this was a rather useless exercise. (And
I probably made some calculations errors anyways :) Not to mention
that the tool would probably just be used to packet other sites, since
44Mbits is fairly non-negligible.


Cheers.

-- 
Darius Jahandarie



More information about the NANOG mailing list