How do you deal with the abuse reports? I tried this on a Digital Ocean droplet against port 80 and sure enough I got reported for abuse in less than 5 minutes after running the script at only 100k rate. It's only port 80!
According to [1] they got 58 abuse complaints for a scan of the entire internet on port 22. The scanner IP address they list is hosted by cari.net who will presumably overlook some abuse reports if you're on their $225-a-month high bandwidth plan.
First of all, we avoid well-known "darknet" monitors that generate a lot of abuse reports.
Second of all, we respond personally to each abuse report and offer to include them in our "exclude" file so that we won't scan them ever again. Though, of course, I prefer they add us to a "whitelist" file: not opening their firewall, but adding us to a file that ignores logging.
I'm using the "Feistel network" construction that is at the heart of the Data Encryption Standard, replacing binary operations like 'xor' with the "addition plus modulus" operation.
My round function sucks, and I only do 3 rounds, so there are probably some issues there. But, if I were to fix those issues, then there should be no more detectable bias than in the original DES cipher.
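
The construction described in the comment above, as an added example that is not the poster's or any project's code: a Feistel network over an arbitrary range `[0, n)` that uses addition modulo the half size instead of xor, and cycle-walks when `n` is not an exact product of the two half sizes. The BLAKE2b round function, the function names and the alternating update of the two halves are assumptions of this example.

```python
import hashlib
import math


def _round(key: bytes, i: int, half: int) -> int:
    """Keyed round function. BLAKE2b is an assumption; any function works."""
    msg = bytes([i]) + half.to_bytes(8, "big")
    digest = hashlib.blake2b(msg, key=key, digest_size=8).digest()
    return int.from_bytes(digest, "big")


def _dims(n: int) -> tuple[int, int]:
    """Pick a, b with a * b >= n so each index splits into (l, r)."""
    a = math.isqrt(n - 1) + 1
    return a, -(-n // a)


def _permute(x: int, n: int, key: bytes, rounds: int, sign: int) -> int:
    if not 0 <= x < n:
        raise ValueError("index outside [0, n)")
    a, b = _dims(n)
    order = list(range(rounds))[::sign]   # reversed when inverting
    while True:
        l, r = x % a, x // a              # l in Z_a, r in Z_b
        for i in order:
            if i % 2 == 0:                # addition mod a replaces xor
                l = (l + sign * _round(key, i, r)) % a
            else:
                r = (r + sign * _round(key, i, l)) % b
        x = r * a + l                     # bijection on [0, a*b)
        if x < n:                         # cycle-walk back into [0, n)
            return x


def shuffle(x: int, n: int, key: bytes, rounds: int = 3) -> int:
    """Map index x to a unique position in [0, n)."""
    return _permute(x, n, key, rounds, +1)


def unshuffle(y: int, n: int, key: bytes, rounds: int = 3) -> int:
    """Inverse of shuffle: same rounds in reverse, subtracting."""
    return _permute(y, n, key, rounds, -1)


def is_permutation(n: int, key: bytes, rounds: int = 3) -> bool:
    """True if every value in [0, n) is produced exactly once."""
    return sorted(shuffle(x, n, key, rounds) for x in range(n)) == list(range(n))
```

Each round changes one half by an amount that depends only on the other half, so the mapping is a permutation whatever the round function is; the quality of the round function and the number of rounds affect only how random the resulting order looks.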