Joe,
I'll respond to you and this will be my last reply to this thread because I know I won't be able to change your mind.
Yes, it's clear *you* won't be able to.
Saying a company's business decisions are antisocial just because they aren't doing what you want is very unhelpful.
Well, then, it's good that that's not what's happening. There are lots of things I would want a business to do that most of 'em aren't doing. We aren't talking about any of those things. We're talking about something that is commonly understood to be a bad thing, bad enough that most AUP's explicitly forbid it.
I don't know how many large ISPs you have worked for but I'm not sure if you understand corporate budgets or politics.
I have worked for large ISP's, I understand corporate budgets and politics, and I'm smart enough to understand that "corporate budgets and politics" do not define what is acceptable within the framework of the Internet. Were "corporate budgets and politics" to define that, we'd be likely to see a balkanized, spam-riddled ghost-of-what-used-to-be-the-Internet where the potential for making a buck defines what is right and what is wrong. Modern corporations are responsible to their shareholders, and many people feel this gives them a free pass. Staffing an abuse desk and reducing these sorts of emissions would seem to be more costly, and certainly there are people who cut corners on their abuse departments in order to save a buck, but the point is that this ultimately results in greater costs further out, when your network is riddled with problems, and your upstreams and peers are applying pressure to you to stop the DDoS attacks coming from your network. Regardless, many companies follow that path, in search of "better performance this quarter." We've seen it all before, and we'll see it all again. Eventually it gets bad enough that either your policies cause you to fold (AGIS, etc), or you're forced to clean up. More enlightened companies can take a longer view, and they'll realize that a well-run network is actually a valuable asset.
If you consider people who port scan the bad guys of the internet then obviously you and I are two different planes of reality.
Clearly. Because the people who port scan are the people who are breaking into boxes (whether manually or automatically), and the people who are breaking into boxes are generally people with no good intent. If you think these are "good guys," you definitely *are* on a different plane of reality.
I had a discussion today with someone who I immensely respect where I talked about port scanning and how people compare it to trying to break into someone's house. He disagreed and said that port scanning was like being a part of the neighborhood watch and that trying to exploit any vulnerabilities you find would be an attempted break-in. I have to agree.
Random port scanning is not like "the neighborhood watch." Neighborhood watches are set up by a neighbor you know, and presumably trust, and even if they have a ridiculous policy of testing doorknobs, they will respect it if you tell them you don't want to participate. Some ISP's fulfill this role by proactively scanning their own IP space for vulnerable machines. They'll tell you your box is hackable, or maybe even sandbox you. That's equivalent to a neighborhood watch. What you're defending is some guy in a ski mask who comes in and visits each house, testing all the doors and windows to see if they open, and who makes note of vulnerable houses. Maybe he then leaves, maybe he then breaks into a house. Even if he leaves, he's leaving with knowledge of insecure houses, and we know that this knowledge is not going to be put to a *positive* use. How you can possibly equate this to a "neighborhood watch" is beyond me.
As for your second point of comparing port scanning to the heinous crimes of rape I'll just ask, "have you lost your damn mind"?
No, of course I haven't, but then again I didn't make such a comparison. I did say "they're much worse." You might want to go back and re-read that little exchange, as you clearly didn't comprehend what I was saying.
Seriously, port scanning a machine compared to the horrid act of abusing someone sexually? Seriously, what will be your next analogy, pedophiles are the same as file sharers?
Seriously, try reading for comprehension.
Port scanning can be a method to find vulnerabilities indeed but what of those of us who port scan before we use certain services?
Scanning a machine that you're authorized to access is not at issue here.
I often scan certain hosts before I use them to make sure they don't have gaping vulnerabilities, should I go to jail?
See above. And below.
The op said nothing about an attack but only a scan, so don't go there.
Ah ha. See, you've just tried to equate your scanning of some machine that you are authorized to use, with what the original poster was complaining about, which was relentless scans by an unauthorized party, where the responsible party actually explicitly requested that such scans stop. You're trying to make a case that the second case is acceptable because the first is? You're showing yourself as being unable to argue your way out of a paper bag.
Your idea of operations seems simple because you have the black and white barrier, there is no gray for you.
The hell you say.
Some of us actually have a larger userbase and very small budgets.
Your budget is a choice. Maybe not your choice personally, but a choice by someone, regardless. Choices have consequences. Maybe not immediately, but eventually. The ability to see (and ideally, to harness) the long-term effect of your choices is generally what differentiates most of the successful companies that I've seen.
Now I'll say that the company I work for goes after network abusers vigorously. To say that port scanners are miscreants and abusers is your view.
Hm. Well, even dodgy providers like SAVVIS recognize port scanning as a problem: http://www9.savvis.net/corp/Acceptable%20Use%20Policy Section B subsection 2: "including any activity that typically precedes attempts to breach security such as scanning, probing, or other testing or vulnerability assessment activity," So, um, who exactly is it that you work for, I'd love to check out their AUP (tfic).
I think everyone wants to stop botnets and exploits from spreading but Joe, people don't have to answer to you just because you feel that you are privileged because you have a role in the internet.
You seem to be attributing to me something I didn't say.
Scanning and attacks are two different things and I hope you realize this.
One could reasonably say that one is a lesser form of the second. When someone is doing something that is clearly and unambiguously "casing the joint," and isn't authorized to be doing so, that could reasonably be construed as an attack. From afar, you have no way to determine whether or not your unauthorized traffic has the potential for costing my site more (maybe I'm on the far end of a really expensive circuit), or maybe interfering with normal operations (overloading syslog reporting due to heavy firewall rejections), etc. You have no idea what effect scanning has on a remote machine, and if you have no business doing it, assuming that it can't be perceived as an attack and that it won't cause problems is naive.
If a host on my network is attacking a host on yours I'm sure we will work to stop it quickly. If you demand that I turn over the person who scanned you last night at 12:52 am I may ignore you.
Of course, neither I nor the original poster made any such demand. The original poster simply wanted Covad to "make it stop," which would seem to be a fairly reasonable request.
I wish you the best of luck against your crusade against the evil of port scanning.
Since it's "okay" to do that, why don't you post your employer's IP ranges along with an official invitation for NANOG'ers to scan those ranges? Geez.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.