https://syed-anwar-uddin.github.io/tags/systems/ Recent content in Systems on Syed Anwaruddin Hugo -- 0.145.0 en-us Sat, 09 May 2026 00:00:00 +0000 https://syed-anwar-uddin.github.io/posts/lynx-unified-bandwidth-governance/ Sat, 09 May 2026 00:00:00 +0000 https://syed-anwar-uddin.github.io/posts/lynx-unified-bandwidth-governance/ <p>When you&rsquo;re scanning the IPv4 space for TLS certificates, the bottleneck isn&rsquo;t usually the SYN sweep or the TLS handshakes individually. It&rsquo;s the interaction between them, and the standard tooling doesn&rsquo;t model that interaction.</p> <p>The canonical research pipeline is ZMap piped through ZTee into ZGrab2. ZMap fires SYNs at a configured L4 rate. ZGrab2 reads verified hosts off the pipe and runs TLS handshakes at a configured worker count. They share an interface, a kernel, and an uplink, but they don&rsquo;t share a rate budget. The result on dense CDN ranges is that ZGrab2&rsquo;s certificate traffic can dwarf ZMap&rsquo;s SYN stream, with no mechanism for the L7 surge to throttle the L4 cannon. On global anycast prefixes the same dynamic causes something more interesting: per-AS scanner detection at the CDN that neither tool would trigger alone.</p>