by lucb1e 27 days ago
There are a lot of legit scanners that look for problems to proactively warn the owner, so the mere presence of a packet on a port you aren't advertising somewhere is maybe a bit overkill, but if you think this is abuse: have you considered also reporting the abuse to the originating ISP? Otherwise they can never take action against that subscriber and the blocked IPs will just impact people that come after. ISPs that work with you and terminate subscribers that abuse their service should maybe not be blocked for more than a typical IP lease duration.

> There are a lot of legit scanners that look for problems to proactively warn the owner

In my experience, most of the scanner firms seem to be creating their own maps of as much of the internet as they can get their grubby hands on, and then sell API access to their database of all services running on all the open ports on all the IP addresses they've probed and scanned and scraped.

Firstly, I don't want my shit listed in these databases. Secondly, the traffic is probably negligible, but it's still coming down my pipes (tubes) without an invitation, and I don't like that, plus they then profit off this uninvited behaviour. It rubs me the wrong way.

Finally, I highly doubt that (m)any of these services are doing it for altruistic purposes. They're doing it for reasons of profit, and then downstream of this is likely access by various intelligence agencies to this data.

I just don't think they have a right to this data.

> but if you think this is abuse: have you considered also reporting the abuse to the originating ISP?

That's a good point, and if I can automate that, then I will, but I don't consider it a priority. Finding the party ultimately responsible for an IP address isn't a particularly simple process.

It should be automatable, yes. Different RIRs (regional internet registries), which all operate their own WHOIS databases, might handle this differently, but generally you should be able to get an abuse contact in an automated fashion for exactly this purpose.

> most of the scanner firms seem to be creating their own maps of as much of the internet as they can get their grubby hands on, and then sell API access to their database

Yeah, sure, a lot of scanners are run by black or gray hats. Just saying that all options are on the table and blocking (or even reporting) e.g. the non-profit .nl operator organization for scanning tcp:443 on all the A/AAAA records of .nl domains is going to do much good.

(Example of what they're doing: https://www.sidn.nl/en/news-and-blogs/new-system-for-logo-ba...)
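
Added example, not part of the thread: one way to automate the abuse-contact lookup discussed above, by parsing WHOIS text in two registry styles. The sample responses are constructed and the function name `abuse_contacts` is hypothetical; the field names are those of RIPE-style and ARIN-style output, and other registries may use different ones.

```python
import re

# Field names as they appear in RIPE-style ("abuse-mailbox", "% Abuse contact for")
# and ARIN-style ("OrgAbuseEmail") WHOIS text; other registries may differ.
_COMMENT_RE = re.compile(r"^%\s*Abuse contact for '[^']*' is '([^']+)'", re.I)
_FIELD_RE = re.compile(r"^(abuse-mailbox|OrgAbuseEmail)\s*:\s*(\S+)\s*$", re.I)
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def abuse_contacts(whois_text):
    """Return de-duplicated abuse e-mail addresses in order of appearance."""
    found = []
    for line in whois_text.splitlines():
        line = line.strip()
        m = _COMMENT_RE.match(line)
        candidate = m.group(1) if m else None
        if candidate is None:
            m = _FIELD_RE.match(line)
            candidate = m.group(2) if m else None
        if candidate is None:
            continue
        candidate = candidate.lower()  # normalise for de-duplication
        # WHOIS data is registrant-supplied: validate before mailing anything to it.
        if _EMAIL_RE.match(candidate) and candidate not in found:
            found.append(candidate)
    return found


# Constructed sample responses (documentation address ranges, example domains).
RIPE_STYLE = """\
% Abuse contact for '192.0.2.0 - 192.0.2.255' is 'abuse@isp.example'
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
role:           Example NOC
abuse-mailbox:  abuse@isp.example
"""
ARIN_STYLE = """\
NetRange:       198.51.100.0 - 198.51.100.255
OrgName:        Example Hosting
OrgAbuseHandle: ABUSE0-EXAMPLE
OrgAbuseEmail:  Abuse@hosting.example
OrgTechEmail:   noc@hosting.example
"""
NO_CONTACT = "inetnum: 203.0.113.0 - 203.0.113.255\nabuse-mailbox: not-an-address\n"

if __name__ == "__main__":
    for name, text in [("ripe", RIPE_STYLE), ("arin", ARIN_STYLE), ("none", NO_CONTACT)]:
        print(name, abuse_contacts(text) or "no abuse contact published")
```

An empty result means the record publishes no usable abuse address, so a report for that range needs manual handling rather than an automated e-mail.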