[_fat_santa]

Maybe I'm misunderstanding but how is this blocklist supposed to block anything. Take for example I'm a hacker that wants to port scan general dynamics (they were first on that list). Wouldn't all I need to do is remove their entry from the config file?

[creata]

Well yes, but it's not there to stop you, it's there to stop people who are smart enough to use masscan, but not smart enough to compile it. And I guess, much like locking your front door, there's also an element of keeping honest people honest.

[asddubs]

not even that, according to the linked issue:

> yes, configuration files are specified on the command-line and not hard-coded, so only those performing legitimate surveys of the Internet (possibly wanting to be responsible or respectful of those NOCs who still live in the world of generating abuse complaints when snort tells them to) would be likely to use them. Maybe there are a few script kids out there who are intelligent enough to avoid hitting the small collection of networks on this list to avoid their scans generating abuse complaints that may get their boxes killed, but I guess it's probably a near-zero population

[pwinnski]

Of course. The list isn't even used by default, users of the tool must specify it.

If somehow it were hard-coded into the tool, well, the source is available, as is the ability to port scan any one of a number of other ways.

[0x_rs]

Yes. I suppose, though, it's a win-win situation for both parties because the author can claim to have addressed complaints and hollow threats while allowing anyone to do as they desire and, may we say irresponsibly, remove it.

[Ancapistani]

Also a win for a third party malicious actor - they get a list of networks where the administrators decided to try to block scans instead of addressing their own issues...