: [[.. $ mount /dev/soapbox # you have been warned. ..]] Yes... : *HOW* is one supposed to tell a 'benign' probe from a 'hostile' one, : when it is addressed to a machine that doesn't exist, or to a 'service' : that doesn't exist on an existant machine? Who cares? It's your network. If you don't want the traffic, block it. Research, malicious, virii, or whatever. : HOWEVER, that notwithstanding, *EVERY*ONE* gets reported to the responsible : _network_operator_ -- as an 'apparent virus-infected machine on your network', Waste of bandwidth. Borders on GWF. : The reporting is mostly to help the other operators keep _their_ networks : clean. And to get those machines off-line -- so that they cannot infect There will never be enough fire in the world to make a lazy netadmin GUOTA (Get Up Off Their A$$) It's a waste of bandwidth. : This is one of two _good_ approaches. "Get Permission. *FIRST*" In the old networks, but not now. That's silly in a globally connected infrastructure. : > How do you view the issue of experiments that probe random sites? Should : > this be accepted as "reasonable", or should it be disallowed? Something : > in between? There ain't any better testbed that the real world; test away. If I don't want them testing my network, I'll stop them. It's my network and I'll do what I want with what I paid for. scott