^{Penalty Box}
                                         Last Update: 6 August 2007

Hosts on the visitor network that are seen as 'scanning hosts', including those that might be running SKYPE as a supernode (or some other P2P software, we have also seen instances of an AFS client looking at all the cells in an AFS tree, e.g. using "ls /afs/* or find /afs)  will be put in the 'penalty box'.  A scanning host being a host seen opening many tcp sessions in a very short time.

The penalty box reduces that machines network connection outside the visitor network to a shared 56kbps connection with other machines that are in the penalty box, thus drastically reducing their network speed and throughput. 

Once in the penalty box the machine remains there for some amount of time.  If it is seen again as a scanning host it is put in again. The only way to get out of the penalty box is to not be seen as a scanning host subsequently.