In message <cb7990cd-5284-4a9c-bb98-4d55b21b5...@seiden.com>, Mark Seiden <m...@seiden.com> wrote:
>it should be mentioned that shadowserver also notifies those who >register as the owners of that address space. Yes. That is quite a public spirited endeavor in the best traditions of the Internet. >my thinking about this sort of thing, in general, is: > >- it depends on who's doing it and why, and what they do with the information Yes. And my question was deliberately open-ended with regards to those two points, specifically. Shadowserver is an example of a public-interest enterprise. And unless I'm mistaken, we can easily know who they are and what they do with the information they collect. There are however counter-examples... enterprises that are not quite so forthright, either in their willingness to be identified or in the disposition of their results data. >- it's polite enough for me for the good guys to identify >themselves so you (the target) can worry >less when you notice the activity. I agree. But that that raises the question: How would (or should) a "benign" scanning enterprise publicly identify itself in a manner so as to mitigate undue alarm? Regards, rfg
