[matthew1471]

Identifying an issue with the hardware - yeah fair enough. Scanning the ISP’s residential customer range for hacking recon - yes I can see why that might bring a lawsuit.

I don’t port scan my ISP and then complain when they get cross.

[hansvm]

For a meat-space analogy: They noticed a particular carpenter was using faulty strike plates and were prone to opening on their own. They went through and knocked on the doors in a neighborhood built by that carpenter only to find that fully half of them would open at the slightest touch. Upon such a discovery they notified the carpenter and were threatened with legal action. Most people don't knock on _every_ door in a region, but barring certain limited exceptions it's very legal where I live and happens occasionally.

IMO the ISP is even more in the wrong here since the person investigating this didn't even go to the doors himself; he told the ISP he had a message to deliver to each port, and the ISP themselves executed the port scan and chose to report the results back to OP.