Robert Kisteleki wrote on 20/02/2024 15:43:
Since the potential pool of software probes is almost infinite, in response to the highlighted case, we'd like to propose the following mid-term approach:
* No user/account should be allowed to run more than X SW probes from the same IP (X=3 ?)
* No user/account should be allowed to run more than Y SW probes from the same IPv4/24 IPv6/48 (Y=5 ?)
* Regardless of the user/account, no more than Z SW probes should be allowed from the same IPv4/24 IPv6/48 (Z=10 ?)
X, Y and Z are defaults, can be changed per account. This is done in order to facilitate corner cases and overstepping the limits, if this is warranted (given a good explanation). We are also reaching out to the current "peak users" to understand their use cases and motivations - the above limits can be enforced depending on the responses.
This looks reasonable. Particularly reaching out to try to understand why the individuals in question are doing this. It would be interesting to check for any unusual probe activity which used these credits. Nick