My $0.02, report to $scanners_isp and cc $your_isp
Provide facts and logs do not make wild accusations or ranting speaches, in my experience people who do so are almost always wrong :) Like writing me about how their ISP told them ai.mit.edu what the place to write to about some thing from 133.99.5.67 (we have 128.52/16) on a single host it is hard to determine intent or accident, when I see an outside host has made a scan of every ip in our range that *means* something. but a single host, if that is your only point of view or if it's a highly visible system (www, ftp, smtp, pop, ns1) may mean something, no harm in reporting it just for the record. as a side note, people do tend to listen to my "official" email both because of the return address and since alot of lab funding is government money unauthorized access or elevation of privilege is a federal (US) crime with a mandatory 6mo prison term, this doesn't really happen from what I understand, but passing that along helps :) no portscanning isn't a crime, but if one occurs the scan can be evidence. -Jon
