The most worrisome abuse we witnessed on CoDeeN was what we considered the most sophisticated - unauthorized downloading of licensed content.
Licensed Content Theft - Universities purchase address-authenticated site licenses for electronic journals, limited to the IP ranges they own. PlanetLab's acceptable use policies disallow accessing these sites, but CoDeeN unintentionally extended this access worldwide. We discovered this problem when a site contacted PlanetLab about suspicious activity. This site had previously experienced a coordinated attack that downloaded 50K articles. Unfortunately, such sites do not handle the X-Forwarded-For header that some proxies support to identify the original client IP address. Though this header can be forged, it can be trusted when denying access, assuming nobody would forge it to deny themselves access to a site.
Intra-domain Access - Many university Web pages are similarly restricted by IP address, but are scattered within the domain, making them hard to identify. For example, a department's web site may intersperse department-only pages among publicly-accessible pages. Opportunities arise if a node receives a request for a local document, whether that request was received directly or was forwarded by another proxy.