by jmuguy 600 days ago
It seems like systems shouldn't report abuse (at least automatically) for single packet, no round trip, requests unless it's reaching denial of service levels of traffic (and maybe these are). Like in particular for SSH there's no way that's even a valid connection attempt until some sort of handshake has occurred.

But since anyone can submit an abuse complaint, maybe server providers should actually check the abuse reports before triggering the "respond in 2 days or we suspend your server" or similar measure of their ToS.

I've had my main server thrown offline by a bogus abuse report claiming that they received an over 1Gbps DoS attack from my IP even though my server only has a 400 Mbps cap. Had a human actually read the report, they would've seen it was impossible and wouldn't have had to spend 2 days arguing with phone support on my holiday.

Sometimes that's all the abuse you'll see though, with for example port scans.
Well the obvious answer there is that port scans shouldn't be considered abuse absent other factors like rising to the level of a DoS.
Exactly this. A single SYN or TCP connection doesn’t constitute abuse.

Unfortunately many people seem to think otherwise and will spaff abuse reports over an errant SYN packet.

If you scan a bunch of my ports and you aren’t on my LAN then your IP gets banned (ignored) for a week.
Go for it. But I don't see the relevance to the comment you replied to?
Recon is the first step in an attack chain. So just ignoring it would let a lot of criminals operate without constraints.
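
The triage policy the thread argues over, as an added example that is not part of any comment above: a lone SYN is ignored, a multi-port sweep earns a one-week local ban with no report, and only DoS-level volume is queued for a human to check. The thresholds, function names and sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict

SCAN_PORTS = 10              # assumed: distinct ports that count as a scan
DOS_PACKETS = 1000           # assumed: packet count treated as DoS-level
BAN_SECONDS = 7 * 24 * 3600  # one-week local ban, as one commenter describes

def triage(events):
    """events: iterable of (src_ip, dst_port, handshake_completed).
    Returns {src_ip: (action, source_verified)}."""
    ports, packets, verified = defaultdict(set), defaultdict(int), set()
    for src, port, handshake in events:
        ports[src].add(port)
        packets[src] += 1
        if handshake:
            verified.add(src)   # a round trip happened, so the address was reachable
    result = {}
    for src in packets:
        if packets[src] >= DOS_PACKETS:
            action = "human_review"   # report candidate, checked by a person first
        elif len(ports[src]) >= SCAN_PORTS:
            action = "local_ban"      # drop locally for BAN_SECONDS, send no report
        else:
            action = "ignore"         # a lone SYN or connection is not abuse
        result[src] = (action, src in verified)
    return result

def build_sample():
    """Constructed sample traffic; addresses are from documentation ranges."""
    events = [("198.51.100.7", 22, False)]                       # single SYN to SSH
    events += [("203.0.113.9", p, False) for p in range(1, 41)]  # 40-port sweep
    events += [("192.0.2.50", 80, False)] * 1500                 # flood-level volume
    events += [("192.0.2.80", 22, True)]                         # one real SSH connect
    return events

if __name__ == "__main__":
    for src, (action, ok) in triage(build_sample()).items():
        print(f"{src:15} {action:13} source_verified={ok}")
```

The `source_verified` flag records whether any handshake completed, so a reviewer can see at a glance that the flood and the sweep in the sample never involved a round trip with the claimed source.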